brossiniat_private wrote: > I agree, these machines NEED to be cleaned and secured, OR removed from the > network. > In a perfect world Microsoft , Apache etc could include a feature into their webservers that (via the exploit) produced a "net send" command to be run on the infected system telling them to patch up. eg. infected system requests dodgy URL eg: GET /scripts/root.exe?/c+dir the system then responds by requesting a net send command to the Administrator. (it might even be possible to do it via a URL rewriting/redirection rule) no - this will not fix all of the problems yes - it is probably illegal - or at the least very grey. an alternative to the above and public disclosure of infected systems would be to log to a communal cgi / database at Microsoft - as it is they who has gifted the world with this issue. After the addresses have been collected - let them take an active role in eradicating this menace. something like... (for apache) <Location /scripts/root.exe*> Deny from all ErrorDocument 403 http://abuse.microsoft.com/iis_abuse_log.cgi </Location> I look at this problem as the computer equivalent of smallpox - without cooperation and some big backers - there is little hope of defeating it in sporadic and isolated attempts. Clinton
This archive was generated by hypermail 2b30 : Wed May 08 2002 - 22:19:37 PDT