[NTLUG:Discuss] New IIS Virus

Paul Ingendorf pauldy at wantek.net
Wed Sep 19 07:04:43 CDT 2001 

I can attest that approximately 20% of what is in my log files are actual webservers and not just your average joe running iis at home.  Of course people on different subnets mileage may vary.  Which is something that gets my goat because I know competent admins who are out of work right now and many of the servers hitting me now are the ones I've been e-mailing for about a month and some change now about fixing their servers on codered.  Plus my script has been shutting most of their machines down daily for the past month and they still don't get the hint.  Oh well I'll be writing a counter script soon much like the last one probably just to shut their machine down once I figure out how this thing works and if that will be sufficient.

-- 
-->> mailto:pauldy at wantek.net
-->> http://www.wantek.net/
Running ....... Cos anything else would be a waste...
`:::'                  .......  ......
 :::  *                  `::.    ::'
 ::: .::  .:.::.  .:: .::  `::. :'
 :::  ::   ::  ::  ::  ::    :::.
 ::: .::. .::  ::.  `::::. .:'  ::.
.:::.....................::'   .::::..


-----Original Message-----
From: discuss-admin at ntlug.org [mailto:discuss-admin at ntlug.org]On Behalf
Of Daniel Hauck
Sent: Wednesday, September 19, 2001 6:37 AM
To: discuss at ntlug.org
Subject: Re: [NTLUG:Discuss] New IIS Virus


Your statement is incomplete and/or inaccurate.  A majority of what I have
seen are home users... users (not administrators) at home.  Microsoft has
unleashed too much power to the every-day user.

I know we have had this discussion before, so please restrain yourself
better than I am, but I still hold that Microsoft should bear some
responsibility over this.  There are thousands of Windows machines out there
running IIS and the owner/user doesn't even know about it.  It's sad.

I would like to open up discussion about implementing "counter-agents."
Clearly, there is little to no risk of prosecution and I think
"self-defence" is a valid argument.  I'd be happy to host counter-offensive
software on my server while I still have port 80 access.

----- Original Message -----
From: "Aaron Goldblatt" <aaron at goldblatt.net>
To: <discuss at ntlug.org>
Sent: Wednesday, September 19, 2001 6:26 AM
Subject: Re: [NTLUG:Discuss] New IIS Virus


> > Has anyone been getting hits on their macjines from this new virus? I
>
> I'll leave others to answer your direct question, but I'll observe that
this
> Nimda thing is harder on non-IIS servers than previous viruses.  Stuff
like
> Code Red produced a few dozen log entries a day.  This is producing
thousands
> of lines a day.  Nobody except viruses hit my web server anyway, so the
> effect is minimal, but I do use the machine for other things, in addition
to
> just being my web server.
>
> It isn't Windows administration or even Windows administrators that bother
me
> so much as stupid Windows administration, and stupid Windows
administrators.
> Inattentive == stupid.
>
> ag
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss
>
_______________________________________________
http://www.ntlug.org/mailman/listinfo/discuss

More information about the Discuss mailing list