You are not alone. Daily, I see about 300 attempts or more on our class C spaces. I have tried to mail as many as I could, and I have submitted logs to the people that said they were going to contact everyone. Still we see it. At this point, I am really wondering what it will take to erradicate it from the net. On a happier note, I have also been talking to ISPs, who have said if infections don't get fixed, they will shut off network access to those hosts/networks. This, at least is a good sign, that there is something that can be done yet. We used to pay for bandwidth on our network connection. I feel for anyone that is still doing it that way in the light of such virii. I too, believe there is no such thing as a good virus, but it would certainly be nice to have these uncared-for systems to just go away. -----Original Message----- From: reillyat_private [mailto:reillyat_private] Sent: Monday, November 12, 2001 5:28 PM To: incidentsat_private Subject: Nimda Infections It's amazing to me when I see the amount of systems still infected with Nimda. In today's logs I see a huge amount of systems in the ATT network that are still banging away. I can't even give you the amount of systems that I'm seeing from China. What is so difficult about patching your system against the .hta, .htq vuln. I don't mean to go off on a rant but am I the only one that feels this way? Is everyone else seeing the same activity? [.. list deleted ..] ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Nov 13 2001 - 07:35:51 PST