Date: Thu, 20 Sep 2001 20:39:11 +0300
From: Giorgos Keramidas <charon@labs.gr>
To: "Gary D. Margiotta" <gary@tbe.net>
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Code Red?!
Message-ID: <20010920203911.A23424@hades.hell.gr>
In-Reply-To: <Pine.BSF.4.21.0109181410470.4810-100000@thud.tbe.net>
References: <3.0.6.32.20010918131041.41301100@mail.seidata.com> <Pine.BSF.4.21.0109181410470.4810-100000@thud.tbe.net>

Gary D. Margiotta <gary@tbe.net> wrote:
>
> In addition, we just got word from one of our offices that there is
> another happy joy M$ Outlook-based e-mail attachment worm which goes
> through the address book, spams everyone in it and shares out the C: drive
> for unrestricted sharing.

True.  Going through apache logs, I could find the IP addresses of a few
Windows 98 machines, many Windows NT workstation/server machines, and
several Windows 2000 boxes too.  Having only recently installed Samba for
accessing the files on a Windows box, I tried a few of them with:

    % smbclient //ip.addr.of.host/c\$ -N

A surprisingly large number of these machines allowed me in.  At least
half of them had recently modified files in either C:\Inetpub\wwwroot or
(depending on actual installation of IIS) on D:\Inetpub\wwwroot -- read
``recently modified'' as ``recently defaced sites''.  Four of them had
cdroms with backups still mounted on one of their drives.

Blech.  Am appalled to find out how many of the sites that `attack' my box
have already been victims of kiddies who are turning this new Windows
trojan into a deface-the-world party.

- giorgos