Brandon S. Allbery KF8NH wrote:
That said, this is probably not specific to AFS; I would suspect a garden-variety virus/worm that propagates itself via SMB shares.
I don't think this has anything to do with SMB shares.The publicly accessible contents of AFS are indexed by Google via a number of AFS Web gateways. I have seen several .cn IP addresses walking cells using AFS clients. AFS is not a backwater technology. If your cell is publicly accessible and permits system:anyuser to do anything other than read and list you are setting yourself up to be abused.
Periodically scan your cell volumes to ensure that ACLs are reasonable. Remember that there does not have to be a mount point that you created in order to access a volume. Anyone can produce a mount point to any volume in any cell.
Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
