[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

ARIS worm notification

To: linux-india-general@xxxxxxxxxxxxxxxxxxxxx, linux-india-help@xxxxxxxxxxxxxxxxxxxxx, linux-delhi@xxxxxxxxxxxxxxxxxxxxx, fsf-india@xxxxxxxxxx
Subject: ARIS worm notification
From: Raju Mathur <raju@xxxxxxxxxxxxxxx>
Date: Mon, 6 Aug 2001 23:04:27 +0530 (IST)

Hi,

As you're aware, the ARIS worm is spreading real fast on the
Internet.  My dial-up machine has received nearly 200 ARIS probes from
infected machines since this morning, in about 6 hours of uptime.

SecurityFocus has setup an ARIS notification address.  They will
notify the administrators of infected systems given the IP's of these
systems, which will help curb the spread of the virus.

This is a request to please cull your HTTP logs (if you're running
HTTPD) and send the appropriate information to SecurityFocus.  The
command to do this is:

fgrep ".ida?XXXXX" /var/log/httpd/access_log | \
      cut -d" " -f1,4,5 | \
      sed -e 's/[][]//g' | \
      Mail -s "ARIS Infection Report from httpd access_log" aris-report@xxxxxxxxxxxxxxxxx

[Line may have wrapped]

This would work on a RH 6.2 system.  Please use the appropriate path
to your Apache logfile for other systems.

Regards,

-- Raju
-- 
Raju Mathur          raju@xxxxxxxxxxxxx           http://kandalaya.org/

Prev by Subject: ARIS -- Oops!
Next by Subject: Asp on Linux
Previous by thread: Re: How to install qmail-1.03+patches-18.src.rpm ?
Next by thread: Fw: CodeRedII worm..
Index(es):
- Subject
- Thread