Slashdot Mirror


New (More) Annoying Microsoft Worm Hits Net

A new worm seems to be running rampant. Unlike Code Red, it attempts to hit boxes with many different exploits (including what looks like an attempt to exploit boxes still rooted by Code Red). It looks like each IP tries 16 attempts on its neighbors. There is also a new mail worm mailing WAV files or something with bits of what appears to be the registry... it may or may not be related. Got any words on this? Shut down those Windows boxes and stop opening attachments. And make that 21. Got another one while writing this story. All my hits are coming from 208.n.n.n (where I am). I'm sure it'll keep moving to nearby boxes. Update: 09/18 16:40 GMT by J : It now has a name: "Nimda." More info here, here, and here.

Here are examples of the requests it's sending:

GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir
GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir

While writing this story I was hit a total of 4 times, 16 GET attempts per attack. In only 4 minutes. Also of interest, my desktop has now been hit about 500 times today, all from 208.x.x.x IPs. This might be really bad. I still haven't read anything about this anywhere else, so you heard it here first ;)

Update: Web servers compromised by this worm apparently attach a "readme.eml" to all web pages served... and due to a bug in IE5, it will automatically execute the file! Yay Internet Explorer!
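
For anyone checking their own web server logs for the requests quoted above, here is an added example (not part of the original story) that percent-decodes each request line until it stops changing and reports what it finds. The function names and finding labels are assumptions made for illustration, and the last two sample lines are constructed benign requests.

```python
import re
from urllib.parse import unquote_to_bytes

# Request lines: the first three are the story's examples, the last two are
# constructed benign requests for contrast.
SAMPLE_REQUESTS = [
    "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir",
    "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../"
    "..%c1%1c../winnt/system32/cmd.exe?/c+dir",
    "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir",
    "GET /index.html",
    "GET /docs/100%25-uptime.html",
]

TRAVERSAL = re.compile(rb"\.\.[\\/]")  # ".." followed by either slash

def decode_fully(request, max_rounds=4):
    """Percent-decode until the bytes stop changing; return (bytes, rounds)."""
    data, rounds = request.encode("utf-8"), 0
    while rounds < max_rounds:
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data, rounds = decoded, rounds + 1
    return data, rounds

def inspect_request(request):
    """Return the list of suspicious traits found in one request line."""
    data, rounds = decode_fully(request)
    findings = []
    if rounds >= 2:  # e.g. %255c -> %5c -> backslash
        findings.append("double-encoding")
    if any(b in (0xC0, 0xC1) for b in data):  # bytes never valid in UTF-8
        findings.append("overlong-utf8")
    if TRAVERSAL.search(data):
        findings.append("traversal")
    if b"cmd.exe" in data.lower():
        findings.append("shell-target")
    return findings

if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(inspect_request(line) or ["clean"], line[:60])
```

A single round of decoding is normal (the `100%25-uptime` request), so only a second round that still changes the bytes is reported as double encoding.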

35 of 1,163 comments

  1. fwxpp by Turd+Fergus0n · · Score: -1, Offtopic

    first windows xp post!

    --

    Yeah, that's right. Turd Ferguson. It's a funny name.
  2. fp by Anonymous Coward · · Score: -1, Offtopic

    fp

  3. I would by Anonymous Coward · · Score: -1, Offtopic

    I would forward this to the Help Desk people here, but then they'd know I was reading /.

    1. Re:I would by Anonymous Coward · · Score: -1, Offtopic
      So what?

      The needs of the many outweigh the needs of the few.

    2. Re:I would by Anonymous Coward · · Score: -1, Offtopic

      Or the one.

    3. Re:I would by Anonymous Coward · · Score: -1, Offtopic
      If the Help Desk people knew he was reading Slashdot then they would know he is an idiot.

  4. uh...just patch by Anonymous Coward · · Score: -1, Offtopic

    No need to run terrified through the streets like CmdrTaco yelling "Shut down your Windows boxes! I just pissed my pants!" Just patch your damn systems. If only Linux were popular enough to inspire more worms...

  5. gpl by Anonymous Coward · · Score: -1, Offtopic

    the gpl sucks, it lets people steal your code and say they made it

  6. early post by Anonymous Coward · · Score: -1, Offtopic

    this early post is for the eradication and ethnic cleansing of sand niggers everywhere

  7. Destroy Islam. Exterminate All Muslims. Destroy. by Anonymous Coward · · Score: -1, Offtopic
    Our tormented dead scream out for vengeance:
    1. Kill all Muslims.
    2. Kill all Mohammedans.
    3. Kill all Arabs.
    4. Kill all Towel Heads.
    5. Kill ll Camel Jockeys.
    6. Kill all Dune Coons.
    7. Kill all Sand Niggers.
    8. Kill all Islam.
    9. Nuke their countries to hell.
    10. Nuke them again.
    11. Death to Islam.

    I piss on Mecca. I wipe my ass with the Koran. I spit upon Mohammed.

  8. Oh no! XP has raw sockets!!! by Anonymous Coward · · Score: -1, Offtopic

    The sky is falling! The sky is falling!

    This overreaction brought to you by Gibson Research Corporation.

  9. woah by Anonymous Coward · · Score: -1, Offtopic

    All these weird entries in my server log are making me horny! I think I'll go give myself another blowjob.

    1. Re:woah by Anonymous Coward · · Score: -1, Offtopic

      How do you do that? I want to learn! Of course I'd then probably never leave the house again...

  10. Re:Mail servers down by Swordfish · · Score: 3, Offtopic
    It seems to me that it started at approximately 08:42 on Tuesday morning. I wonder what this means?!! I suspect this is not a coincidence.

    It has a very high probability of /16 hits as well as /8 hits.

    It's using about 50% of my modem bandwidth with about 20 IP addresses with port 80 active. It's so bad, I closed down most of my ports 80.

  11. Re:Destroy Islam. Exterminate All Muslims. Destroy by HermanBupkis · · Score: 0, Offtopic

    Don't be a dink, man.

    We are all upset about what the Terrorists did. But you don't have to be a wiener to a bunch of innocent people.

  12. Re:What's the problem? by Anonymous Coward · · Score: -1, Offtopic

    Yet another argument in favor of open source...

    If the code was open, we'd be able to enjoy the same viruses that Windows users get!

    Damn proprietary viruses! Damn them all to hell!

  13. Re:What's the problem? by Anonymous Coward · · Score: -1, Offtopic

    Well, try with Wine

    SCNR

    küsschen

  14. Re:Destroy Islam. Exterminate All Muslims. Destroy by Anonymous Coward · · Score: -1, Offtopic
    They don't scream out for anything dude, they are dead.

    You need to chill out, and think it through. Do you really want the deaths of all those human beings on YOUR conscience?

    You are worse than a fundamentalist Muslim.

  15. Re:What's the problem? by re-geeked · · Score: 1, Offtopic

    If your software had a butt to scratch, it would...

    --
    "You can't get something for nothing." - my grandfather, on the stock market and Reaganomics.
  16. Re:Non-windows Servers by Anonymous Coward · · Score: -1, Offtopic

    wtf r u talking about idiot?

  17. Re:Destroy Islam. Exterminate All Muslims. Destroy by Anonymous Coward · · Score: -1, Offtopic

    Sir, it would be a great honour to pee inside your mouth.

  18. Re:Destroy Islam. Exterminate All Muslims. Destroy by Anonymous Coward · · Score: -1, Offtopic

    Joo has been trolled!

    Have a nice day.

  19. Re:yup! by Anonymous Coward · · Score: -1, Offtopic

    no sireee bob, that's a DIFFERENT attempt to crack you using the same hole... :)

  20. Re:This is what I think by Anonymous Coward · · Score: -1, Offtopic

    They stink, they bite and they hump your leg.

    Then I guess you're evil too.

  21. Re:This is what I think by Anonymous Coward · · Score: -1, Offtopic
    Everybody knows that throughout the history the smart people have preferred cats as pets.

    Dogs are for fools.

  22. Re:GET /default.ida? by Anonymous Coward · · Score: -1, Offtopic

    Pardon me for flaming, but what rock have you been living under? That's called Code Red, see also the pointless internet scare a few months back.

  23. Re:here's more output by Anonymous Coward · · Score: -1, Offtopic

    All it means is that a school computer was infected. You're stupid.

  24. Re:Wrong name by Anonymous Coward · · Score: -1, Offtopic

    you're an idiot. are they called viruses (etc.) for no reason? AND: there is no "propagation of the species" - these aren't even AI, much less I.

  25. Re:here's more output by Anonymous Coward · · Score: -1, Offtopic

    I think he was just joking.

    Sheesh, chill out people.

  26. Re:Wrong name by Anonymous Coward · · Score: -1, Offtopic

    Damn, you hate it when it impacts the performance of porn sites. You would think that hackers would be more sympathetic to our needs.

  27. Re:Is this just the old Unicode exploit? by Anonymous Coward · · Score: -1, Offtopic

    I have black ice running, and on any other day I get three or four hits. I have been on the net for 20 minutes and have been probed by 8 different boxes. Total attacks are 19.

  28. beeping lameness filter by Anonymous Coward · · Score: -1, Offtopic

    Running a quarter inch drill bit through the middle of your hard drive is also 'a pretty good anti-virus for some things.'

    And about as useful for many tasks.

  29. Re:example site - see it yourself by Anonymous Coward · · Score: -1, Offtopic

    What are you, a moron? The guy was hit BY this server, he read his OWN logs.

  30. Re:Wrong name by Datafage · · Score: 1, Offtopic

    Mod this guy up!

    --

    Nicotine free Amish .sig.

  31. +1 Artistic. by Anonymous Coward · · Score: -1, Offtopic

    Good job. Seriously, it's a great parody on both academic "creative writing" and on slashduhh trolls. Keep up the good work.