On Mon, Mar 25, 2002 at 06:01:45AM -0300, Luiz Carlos Santos de Alencar wrote:
> Andrew Tait wrote:
>
> I've checked up one of those IPs; it's being used right now by a web
> server pretty much infected with I-Worm.Nimda.A! AVG identification.
> The standard page delivers a "readme.eml" file in a pop-up window;
> less than a minute to have an infected "readme.exe" being executed.
> I've heard about it, but had never seen it until then.
> From a Linux box it is safe to access http 216.72.135.102 and verify
> that the host is infecting all the Window$ based visitors' machines,
> using the X/wav OE vulnerability, as far as I know (*Attention* Do not try
> from a Win box; it's vulnerable).
> By the way, what to do about it...

The polite thing to do is to inform the owner of the machine. If that is not possible, or you feel particularly bastardly, hack the freaken thing and wipe its drives. And/or contact their upstream provider to get their IP feed pulled.

--
Share and Enjoy.