CR worm infection attempts

John (EBo) David plug-discuss@lists.PLUG.phoenix.az.us
Sun, 12 Aug 2001 21:48:17 -0700 

Digital Wokan wrote:
> 
> It was my Apache access_log file.  The only access to their system that
> I performed was to type in their IP in my browser to see if a website
> with contact info came up.

Ok... then you are clean.  As much as I hate the idea of getting the FBI
or anyone involved, I hope the set something up that can track down
viruses, worms, zombies, etc., and inform people that they are
infected.  That would be a godsend!  If a regular person/company does it
they will be sued buy someone...

  EBo --


> "John (EBo) David" wrote:
> >
> > Kim Allen wrote:
> > >
> > > I've been contacting the sites that my server logs shows that have been
> > > hitting me with the code red signature and so far no one has bothered to
> > > respond except for one. However that site has told me how secure they are
> > > and how there is no way that they have any problems. When I sent them the
> > > portions of my server logs showing they do have problem they threaten
> > > legal action. Anyone else have had this type of response?
> >
> > did you send them the server logs only or did you try telnetting to teir
> > port.  As long as you did not try to gain access to their machine they
> > should not have a legal leg to stand on -- *you* are the one being
> > hacked and the finger points to them.  I would tell them that if anyone
> > is going to sue anyone it will be you sueing them to get them to cleam
> > up their act.   Theirs was a totally inappropriate response...
> >
> > My guess is that you talked to the sysadmin and they are under threat of
> > termination if the system becomes infected.  I know of several sysadmin
> > positions that have that as a contract clause.  I would be tempted to do
> > the following: contact the president/owner of the company and tell them
> > about your warm reception and explain that you did not want to make a
> > fuss you were informing them that your server is being attacked from
> > *their* machines, and if they are going to make threats then you would
> > be most happy to make a formal report/complaint to the special task
> > force in Arizona which deals with internet hacking, virus's and worms...