Worm probes

Along those lines, weren't there some projects last time around to find and
clean up the affected machines? Clearly there are LOTS of vulnerable NT
servers still out there. Presumably these are being responded to just like
Smurf amplifiers, and the problem is just that the admins are clueless or
unreachable?

So far the most prolific network probing us has belonged to 9NetAve, which
was bought by Concentric shortly before they became XO.

Kevin

So far I have got about 205 unique IPs from the scans. If anyone is interested,
I can put them on a webpage, or even quickly put up a script with a db in
the back for other people to provide their lists of IPs.

This also has an e-mail vector and a web DOWNLOAD vector.

There may be lots of vulnerable NT servers, but there's a lot MORE copies
of Outlook and Internet Explorer out there.

Think SirCam *AND* CodeRed *AND* the infect-a-surfer vector....

We found the following on an infected server also:

For each share on the server, it generates a .eml file and puts it in the
root of the share. It then creates an index.asp, index.htm, default.asp and
default.htm on the root of the share which points to and downloads the .eml
file from the root of the share. Neat thing is, anyone with Active Desktop
(View my Desktop as a Web Page) enabled is going to get it, presumably.
Simply by browsing the shared directory. It looks like it morphs the .eml
file names too. Not all are "readme.eml", although they all are ~ 79K in
size.

Happy disinfecting. My customer on the end of a 56K FR link was fsck'd this
afternoon. Welcome to IT during the first war of the 21st century ...

Eric
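
A share-root sweep for the artifacts described in the message above, as an added example that is not part of the original thread: it flags .eml files near the reported ~79K size and any of the four page names that mention one of them. The size window, the function names and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Page names listed in the post above.
PAGE_NAMES = {"index.asp", "index.htm", "default.asp", "default.htm"}
# Assumption: a tolerance window around the "~ 79K" size reported in the post.
EML_SIZE_RANGE = (70 * 1024, 90 * 1024)
# Any token ending in .eml; the post notes the names vary, so none is hard-coded.
EML_REF = re.compile(rb"[\w.-]+\.eml", re.IGNORECASE)

def scan_share_root(root):
    """Return (suspect_eml_names, pages_mentioning_them) for one share root."""
    root = Path(root)
    files = [p for p in root.iterdir() if p.is_file()]
    emls = {p.name.lower() for p in files
            if p.suffix.lower() == ".eml"
            and EML_SIZE_RANGE[0] <= p.stat().st_size <= EML_SIZE_RANGE[1]}
    pages = []
    for p in files:
        if p.name.lower() not in PAGE_NAMES:
            continue
        refs = {m.decode("ascii", "replace").lower()
                for m in EML_REF.findall(p.read_bytes())}
        if refs & emls:  # page mentions a suspect .eml in the same root
            pages.append(p.name.lower())
    return sorted(emls), sorted(pages)

def build_sample_share(root):
    """Constructed sample data: inert filler bytes, not real worm content."""
    root = Path(root)
    (root / "desktop.eml").write_bytes(b"x" * 79 * 1024)   # size matches
    (root / "notes.eml").write_bytes(b"x" * 2048)          # too small to match
    (root / "index.htm").write_bytes(b"<html><!-- refers to desktop.eml --></html>")
    (root / "default.htm").write_bytes(b"<html>ordinary page</html>")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        emls, pages = scan_share_root(build_sample_share(d))
        print("suspect .eml files:", emls)
        print("pages referencing them:", pages)
```

A hit on both lists in the same share root is the combination the post describes; either list alone is weaker evidence and worth a manual look.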