CR worm infection attempts

John (EBo) David plug-discuss@lists.PLUG.phoenix.az.us
Sat, 11 Aug 2001 10:46:41 -0700


Kim Allen wrote:
> 
> I had sent them a simple message the first time around. When the response
> came and it was obvious they did not believe me I sent them the log
> listings showing all of the attempts from their server. That's when they
> sent me a message saying that they have all of the latest enterprise
> level virus software with updates, all of their servers are behind
> firewalls and they have applied all of the required patches to the IIS
> server (which they also said does not exist on the machine in question).
> Then they informed me that since they do software development if I insist
> on sending email about "my" problem they will be forced to take legal
> action. I was then also told not to believe everything I read or hear in
> the news.

ahhh.. that is slightly a different tone than I expected.  You know at
this time I am tempted to email the AZ cyber crime division or the FBI
taskforce that is dealing with it and say, you know I contacted these
people and this is their response.  Do you have anyone that would try the
telnet back door thing on XYZ machines?  I ask this because:

  1) they do not believe my logged info and appear not to have tried the
backdoor.

  2) they have threatened legal action for even telling them that I
think they have a problem, so I am not about to use the documented
exploit for fear that they would have me arrested for proving they have
a problem.  Your organization is probably the only one that CAN test a
machine for backdoors and inform them without fear of arrest for doing
so.

  3) if their machines have been compromised they WILL believe YOU!

  4) general cleaning up the internet of the problem.


If a government official gave the sysadmin a little call, that
*should* be the end of the problem...

  EBo --