Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:1294 |
Message | NETBIOS nimda .nws |
Summary | This event is generated when traffic indicating Nimda worm activity is detected. |
Impact | Possible infection by the Nimda virus. |
Detailed Information | Nimda spreads by file infection, mass emailing, file shares, or the IIS Unicode exploit to attack unpatched systems. |
Affected Systems | Windows 95, Windows 98, Windows ME, Windows 2000 |
Attack Scenarios | An unpatched server connected to the internet is infected, or an infected email is opened. Once a host is infected, the worm spreads itself. |
Ease of Attack | Simple |
Corrective Action | Check the suspect host for signs of infection. Apply patches or upgrade the operating system. |
Additional References | Microsoft: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/topics/virus/nimda.asp; F-Secure: http://www.f-secure.com/v-descs/nimda.shtml |
Rule References | url: www.f-secure.com/v-descs/nimda.shtml |
--
DID:145805