With apologies, but this is likely to effect most of us (in one way or another):
Speaking of damn terrorists... for those tekkies out there, we are being
SLAMMED by what looks like a new, maybe MORE-violent-than-CodeRed worm.
Check out
http://www.incidents.org/alert.php
and check your machines.
"Evidently, a new worm is the source of the activity. Once the worm gains
access to a vulnerable IIS webserver, it uses tftp to fetch a binary
called Admin.dll.octet from the infecting host. An example packet capture
is below (see website http://www.incidents.org/alert.php )"
"Also, connecting to an attacking webserver using a web browser results in
a attempt to download an executable called readme.eml. Reports indicate
that IE5 will automatically execute the binary."
We are all up at 03:50 (Central Australian Time) working on it.
Eric
///
/// mgs@autox.team.net mailing list
/// or try http://www.team.net/cgi-bin/majorcool
///
|