Slashdot Mirror


New (More) Annoying Microsoft Worm Hits Net

A new worm seems to be running rampant Unlike Code Red, it attempts to hit boxes with many different exploits (including what looks like an attempt to exploit boxes still rooted by Code Red). It looks like each IP tries 16 attempts on its neighbors. There is also a new mail worm mailing WAV files or something with bits of what appears to be the registry... it may or may not be related. Got any words on this? Shut down those windows boxes and stop opening attachments. And make that 21. Got another one while writing this story. All my hits are coming from 208.n.n.n (where I am) I'm sure it'll keep moving to nearby boxes. Update: 09/18 16:40 GMT by J : It now has a name: "Nimda." More info here, here, and here.

Here are examples of the requests it's sending:

GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir
GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../ ..%c1%1c../winnt/system32/cmd.exe?/c+dir
GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir

While writing this story I was hit a total of 4 times, 16 GET attempts per attack. In only 4 minutes. Also of interest, My desktop has now been hit about 500 times today, all from 208.x.x.x IPs. This might be really bad. I still haven't read anything about this anywhere else, so you heard it here first ;)

Update Web servers compromised by this worm apparently attach a "readme.eml" to all web pages served... and due to a bug in IE5, it will automatically execute the file! Yay Internet Explorer!

6 of 1,163 comments (clear)

  1. Maybe a Box collection for mas DDoS on Afganistan? by Quazion · · Score: 0, Flamebait

    I heard some Hacker groups where planning cyberwar against Afganistan and Iraq, then they will be needing loads of machines.

    Dont know but this could be related.

    Quazion.

  2. This is what I think by Anonymous Coward · · Score: -1, Flamebait
    Dogs are EVIL!

    They stink, they bite and they hump your leg.

  3. Let us see Microsoft save the internet once again! by Dog+and+Pony · · Score: 0, Flamebait

    Well, that was their take on Code Red (and all the other MS viruses), in their press releases, right? "We have saved the internet, and the world from the evil viruses!".

    Not a word on who created, not really the problem, but the possibility, as usual. :)

    There was even a term, wasn't there? Something like MSTD - MicroSoft Transmittable Disease or something... anybody remember?

  4. Re:Destroy Islam. Exterminate All Muslims. Destroy by Anonymous Coward · · Score: -1, Flamebait

    >>
    2. Kill all Mohammedans.
    >>
    i'm amused that you used a little-known term for moslems.

    >>
    I piss on Mecca. I wipe my ass with the Koran. I spit upon Mohammed.
    >>
    also amusing is the fact that you use the name of their holy center/holy book/prophet. this seems a lot of research just for a "look at me, i can make a mess!" troll. or are you a troller from suburban middle class america who already had the education to know that? does it feel good to be both rich *and* misanthropic?
    jacob

  5. Re:Time for a class action lawsuit against Microso by Anonymous Coward · · Score: -1, Flamebait

    Fuck off you stupid arsehole. You're talking shit and you know it. Read your own fucking sig before posting shite like that. Your are a karma whore of the worst kind -- flame MS and wait for some halfwit Linux advocate to mod you up... Misinformation and propoganda is not worth the karma, my retarded friend.

    Fuck you. Motherfucker.

  6. Re:Time for a class action lawsuit against Microso by fmaxwell · · Score: 0, Flamebait

    You really are an illiterate half-wit, aren't you? No wonder you post as Anonymous Coward. Are you a actually a stupid adult or just some short-bus kid from special ed?