Re: FW: Careful. This is for information only.
On Tue, 7 Aug 2001, allen wayne best just ramblin in his amx wrote:
awbjri> taking a cue from various posts on this subject, i tar'd up a *lot* of gnu
awbjri> software tars into one heck of large file. i put this in my webserver html
awbjri> section as default.ida, thinking, well, if the infected machine wants a file,
awbjri> give it to it! <g>
awbjri>
awbjri> transferring hundreds of megabytes should get the attention of the culprit
awbjri> machine user!! <bg>
awbjri>
awbjri> unfortunately, this malicious worm will disconnect if it starts uploading (it
awbjri> would appear). the error log file notes that the upload was disconnected. :((
awbjri> on the other hand, maybe it filled a disk somewhere???
well i think the worm looks for the default.ida just to see if it is in fact
the right machine to attack and if the owner is a clueless moron that doesn't
even know that there is web server on their machine ;)
Dingo.
).|.(
'.'___'.'
' '(>~<)' '
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-ooO-=(_)=-Ooo-=-=-=-=-=-=-=-=-=-=-=-=-=-
Petr [Dingo] Dvorak dingo@pdragon.org
Coder - Purple Dragon MUD pdragon.org port 3333
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-[ 369D93 ]=-=-
Debian version 2.2.18pre21, up 4 days, 11 users, load average: 1.00
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Reply to: