CR worm infection attempts

Kim Allen plug-discuss@lists.PLUG.phoenix.az.us
Sat, 11 Aug 2001 09:30:11 -0700 (MST)


I had sent them a simple message the first time around. When the response
came and it was obvious they did not believe me I sent them the log
listings showing all of the attempts from their server. That's when they
sent me a message saying that they have all of the latest enterprise
level virus software with updates, all of their servers are behind
firewalls and they have applied all of the required patches to the IIS
server (which they also said does not exist on the machine in question).
Then they informed me that since they do software development, if I insist
on sending email about "my" problem they will be forced to take legal
action. I was then also told not to believe everything I read or hear in
the news.

> Kim Allen wrote:
> > 
> > I've been contacting the sites that my server logs show have been
> > hitting me with the Code Red signature and so far no one has bothered to
> > respond except for one. However that site has told me how secure they are
> > and how there is no way that they have any problems. When I sent them the
> > portions of my server logs showing they do have a problem they threatened
> > legal action. Has anyone else had this type of response?
> 
> Did you send them the server logs only or did you try telnetting to their
> port?  As long as you did not try to gain access to their machine they
> should not have a legal leg to stand on -- *you* are the one being
> hacked and the finger points to them.  I would tell them that if anyone
> is going to sue anyone it will be you suing them to get them to clean
> up their act.   Theirs was a totally inappropriate response...
> 
> My guess is that you talked to the sysadmin and they are under threat of
> termination if the system becomes infected.  I know of several sysadmin
> positions that have that as a contract clause.  I would be tempted to do
> the following: contact the president/owner of the company and tell them
> about your warm reception and explain that you did not want to make a
> fuss you were informing them that your server is being attacked from
> *their* machines, and if they are going to make threats then you would
> be most happy to make a formal report/complaint to the special task
> force in Arizona which deals with internet hacking, viruses and worms...
> 
>   EBo --