[NTLUG:Discuss] New IIS Virus

Daniel Hauck xdesign at hotmail.com
Wed Sep 19 07:19:49 CDT 2001 

How about threatening the virus-spreading server owners with legal action?

Which/what script do you use to shut them down?

----- Original Message -----
From: "Paul Ingendorf" <pauldy at wantek.net>
To: <discuss at ntlug.org>
Sent: Wednesday, September 19, 2001 7:04 AM
Subject: RE: [NTLUG:Discuss] New IIS Virus


> I can attest that approximately 20% of what is in my log files are actual
webservers and not just your average joe running iis at home.  Of course
people on different subnets mileage may vary.  Which is something that gets
my goat because I know competent admins who are out of work right now and
many of the servers hitting me now are the ones I've been e-mailing for
about a month and some change now about fixing their servers on codered.
Plus my script has been shutting most of their machines down daily for the
past month and they still don't get the hint.  Oh well I'll be writing a
counter script soon much like the last one probably just to shut their
machine down once I figure out how this thing works and if that will be
sufficient.
>
> --
> -->> mailto:pauldy at wantek.net
> -->> http://www.wantek.net/
> Running ....... Cos anything else would be a waste...
> `:::'                  .......  ......
>  :::  *                  `::.    ::'
>  ::: .::  .:.::.  .:: .::  `::. :'
>  :::  ::   ::  ::  ::  ::    :::.
>  ::: .::. .::  ::.  `::::. .:'  ::.
> .:::.....................::'   .::::..
>
>
> -----Original Message-----
> From: discuss-admin at ntlug.org [mailto:discuss-admin at ntlug.org]On Behalf
> Of Daniel Hauck
> Sent: Wednesday, September 19, 2001 6:37 AM
> To: discuss at ntlug.org
> Subject: Re: [NTLUG:Discuss] New IIS Virus
>
>
> Your statement is incomplete and/or inaccurate.  A majority of what I have
> seen are home users... users (not administrators) at home.  Microsoft has
> unleashed too much power to the every-day user.
>
> I know we have had this discussion before, so please restrain yourself
> better than I am, but I still hold that Microsoft should bear some
> responsibility over this.  There are thousands of Windows machines out
there
> running IIS and the owner/user doesn't even know about it.  It's sad.
>
> I would like to open up discussion about implementing "counter-agents."
> Clearly, there is little to no risk of prosecution and I think
> "self-defence" is a valid argument.  I'd be happy to host
counter-offensive
> software on my server while I still have port 80 access.
>
> ----- Original Message -----
> From: "Aaron Goldblatt" <aaron at goldblatt.net>
> To: <discuss at ntlug.org>
> Sent: Wednesday, September 19, 2001 6:26 AM
> Subject: Re: [NTLUG:Discuss] New IIS Virus
>
>
> > > Has anyone been getting hits on their macjines from this new virus? I
> >
> > I'll leave others to answer your direct question, but I'll observe that
> this
> > Nimda thing is harder on non-IIS servers than previous viruses.  Stuff
> like
> > Code Red produced a few dozen log entries a day.  This is producing
> thousands
> > of lines a day.  Nobody except viruses hit my web server anyway, so the
> > effect is minimal, but I do use the machine for other things, in
addition
> to
> > just being my web server.
> >
> > It isn't Windows administration or even Windows administrators that
bother
> me
> > so much as stupid Windows administration, and stupid Windows
> administrators.
> > Inattentive == stupid.
> >
> > ag
> > _______________________________________________
> > http://www.ntlug.org/mailman/listinfo/discuss
> >
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss
>
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss
>

More information about the Discuss mailing list