I wouldn't go by such anecdotal evidence as shutdown/reboot times. Check your event viewer logs for RPC/DCOM errors, monitor your network traffic, check for the suspicious files on the systems, scan for the ports opened by the worm, etc....
Mike ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, August 12, 2003 2:14 AM Subject: [fd] AW: [Full-Disclosure] attacks shutting down windows machines? > > Are they getting the windows shut down prompt? If so I would suggest > > that they aren't patched against the RPC DCOM vul and are infected or > > even if they aren't getting a prompt I think it's still > > highly possible > > Yes, it looks very much like the worm. However, someone here mentioned that > it takes about 1 min. for windos to crash (can't they do even that right? :) > ). > What we are seing are very rapid reboots, at most 20 seconds. > > > I'll put it on the worm for now. > > > Tom Vogt > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
