Slashdot Mirror

← Back to Stories (view on slashdot.org)

1 Year Anniversary of Nimda Outbreak

Posted by CmdrTaco on from the my-logs-hurt dept.

dots and loops writes "Today marks one year to the date that the nimda worm began making its way across the Internet." Hey, speaking of hilarious worms, I'm still getting 5-10 klez virus's a day! Yay Security!

5 of 289 comments (clear)

  1. Re:One year, and still.. by digitalsushi · · Score: 3, Insightful

    But how many of these machines are run by admins? (definition of admin being a professional)

    --
    slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
  2. Nimbda? by Second_Derivative · · Score: 3, Insightful

    I'm still getting nailed by Code Red. Weird how something can survive for two years without touching a single permanent storage device.

  3. Hrm by Alizarin+Erythrosin · · Score: 3, Insightful

    Why is it every time there's an addendum or update on a worm/virus report that Taco hasta remind us how much crap mail he gets?

    --
    There are only 10 kinds of people in this world... those who understand binary and those who don't
  4. The solution by Mr_Silver · · Score: 3, Insightful
    It would appear that Taco doesn't read postings on Slashdot, even the ones modded +5.

    Anyway, here is it again for Taco:

    Put this in your .procmailrc file:

    :0 B
    * Content-Disposition: attachment
    * name=.*\.(com|exe|pif|scr|bat|lnk|shf|vbs)
    {
    # Stick it somewhere
    :0 B:
    /dev/null
    }

    Of course, this is a bit drastic by throwing every file that ends in that type into the bin, so you may want to replace it with something like /home/username/mail/viruses

    Finally (and this bit is especially for Taco) you will probably need to have a .forward file with the following in it:

    |/usr/bin/procmail

    Once you've done that, then finally we'll never heard again from you how many viruses a day you can get.

    --
    Avantslash - View Slashdot cleanly on your mobile phone.
  5. Re:One year, and still.. by frank_adrian314159 · · Score: 4, Insightful
    Its hard to believe that its been one year and I'm still getting scans on my apache server. Are there really that many braindead admins??

    Actually, almost all of mine are coming from individual subscribers coming through big DSL-/Cable-based ISP's like RoadRunner, SW Bell, etc. For each incident, I fire off E-Mail to their security departments, giving times, IP's, etc. (I have set of log scanning scripts that generate them automatically. How's that for geekiness? No, you can't have them. They suck. That's high in geek factor, too :-). I've seen NO action taken by them. What a bunch of lamers. Do they really think their customers want to be infected and spew out into the net? The issue is that, really, as long as that $50/mo. comes in, they don't give a rat's ass.

    The smaller DSL ISP's are usually on the job, though. They give me a small amount of hope.

    --
    That is all.