On Thu, 17 Oct 2002, GiulioMaria Fontana wrote:

> I found in a server in my subnet some sources of that worm (.cinik.go)
> but I even found an .ink.go
> Both are shell scripts but they differ in the use of the name "ink"
> instead of "cinik" and in the mail address to which the information is
> sent. What should I do with that mail address?

contact the domain contacts for that domain, i.e. security@ and abuse@, with the information that the email inbox is being used for malicious purposes (specifically compromise notification).

___________________________
jose nazario, ph.d. joseat_private
http://www.monkey.org/~jose/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com