[Dshield] Re: Dshield digest, Vol 1 #185 - 11 msgs

Dustin Decker dustind at moon-lite.com
Tue Aug 7 17:13:25 GMT 2001

> B. My understanding of the problem is that the owners of most of the
> still affected machines have win2000 with IIS5 automatically installed.
> The don't know what IIS is, neither they have websites and logs, and
> most of them don't know what Windows Update or a warms are. Also, they
> are not really affected (yet).
This is certainly going to get worse before it gets better.  If you and I
are able to log TONS of infected IP addresses, then so can a lot of other
folks.  (read, the writers of the virus, perhaps)  The problem with this
is that they themselves may now be in a position to further infect with
something very much like Code Red II.  The signal to noise ratio is quite
high, and if they use each successive machine for each successive attack,
they might fly under a log of radar.

Let's all agree right now however, to quash any such discussion of using
the worm itself to kill the worm.  This may indeed seem noble, and on many
merits I would agree... however, one simply cannot forget that we are
without the services and companionship of our beloved own - Max Vision.  I
don't think I have to remind you why.  (Although I would also interject
that the FBI gave him a royal screwing on that whole mess.)  The law,
flawed or not, is still in full effect.  It would be most unwise to cross
those lines, and is additionally poor form to support such measures in
this forum.


E = MC ** 2 +- 3db

More information about the list mailing list