On Thursday 01 August 2002 08:43 pm, shane wrote:
> Nimda virus affects Linux! My Linux boxes have had their bandwidth chewed
> up by four thousand Nimda servers infected with IIS.
I had a script during the Code Red days that ran on my Apache server. If a
remote server tried to run cmd.exe or whatever it was on my webserver, it
would fire up lynx and connect back to the infected remote server. It would
then make use of the vulnerability to run "arbitrary code" - which just
happened to be the M$ patch. Cleaned up my entire subnet in a couple of hours.
A friend of mine, who was afraid of the ramifications of altering and
rebooting a remote server (apparently this is still illegal even though
you're fixing the server) changed the script to do a "net send" to the
server's subnet. Those guys must have had lots of messages ;-)
-Mad
--
Madness is soil in which creativity grows
- Chris Bielek
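
The detection half of the script described above, as an added example that is not part of the original message: it scans Apache access-log lines for the worm probe requests and tallies probes and response bytes per source host, which is the list you would hand to the owning network's administrators. Only cmd.exe is named in the post; the root.exe and default.ida patterns, the function names, and the sample log lines are assumptions added here.

```python
import re
from collections import Counter

# Request paths the worms probed for. cmd.exe is named in the post; root.exe
# (Nimda) and default.ida (Code Red) are added here as well-known signatures.
WORM_PATTERNS = {
    "nimda": re.compile(r"/(?:cmd|root)\.exe", re.IGNORECASE),
    "codered": re.compile(r"/default\.ida\?", re.IGNORECASE),
}

# Apache common/combined log format: host ident user [time] "request" status size
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)" (\d{3}) (\S+)')

def classify(request):
    """Return the worm family a request line matches, or None."""
    for family, pattern in WORM_PATTERNS.items():
        if pattern.search(request):
            return family
    return None

def summarize(lines):
    """Count worm probes and response bytes per (source host, family)."""
    hits, bytes_out = Counter(), Counter()
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        host, request, _status, size = m.groups()
        family = classify(request)
        if family is None:
            continue  # ordinary traffic
        hits[(host, family)] += 1
        # Apache logs "-" when no body was sent; count that as zero bytes.
        bytes_out[(host, family)] += int(size) if size.isdigit() else 0
    return hits, bytes_out

# Constructed sample log lines (documentation address ranges, not real hosts).
SAMPLE = [
    '192.0.2.10 - - [01/Aug/2002:20:40:01 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276',
    '192.0.2.10 - - [01/Aug/2002:20:40:02 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290',
    '198.51.100.7 - - [01/Aug/2002:20:41:15 -0500] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 -',
    '203.0.113.5 - - [01/Aug/2002:20:42:00 -0500] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    hits, bytes_out = summarize(SAMPLE)
    for (host, family), n in hits.most_common():
        print(f"{host}\t{family}\t{n} probes\t{bytes_out[(host, family)]} bytes")
```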