On Wed, Sep 19, 2001 at 03:29:48PM -0500, James Spinti wrote:
>I know. I spent last night and this morning cleaning out over 2500
>desktop.eml files on all kinds of shares. The person just visited a
>compromised web site. They knew better than opening an attachment (besides,
>we block all .exe, .vbs, etc at the firewall).

find /share -name "*.eml" -exec rm -f -- {} \;

I've been fortunate enough to not have any of these show up on my samba
shares.

>
>Thanks,
>
>James Spinti
>jspinti at dartdist.com
>952-368-3278 x396
>fax 952-368-3255
>
>|-----Original Message-----
>|From: tclug-list-admin at mn-linux.org
>|[mailto:tclug-list-admin at mn-linux.org]On Behalf Of Shawn Fertch
>|Sent: Wednesday, September 19, 2001 2:47 PM
>|To: tclug-list at mn-linux.org
>|Subject: [TCLUG] New virus info I think
>|
>|Just found this today on one of my systems with samba running...
>|
>|If someone is mapped to a samba share and they are infected with the "code
>|blue" or nimba virus I think it's called, it will fill the file system
>|with a pe000##.eml file in every directory. Currently I'm writing a
>|script to clean out the system of these and grepping for the readme.exe
>|when doing a strings against the file.
>|
>|My scripting sucks, but I'll get it done sometime....
>|
>|--
>|---
>|Shawn
>|
>| "Knowing is not enough, we must apply. Willing is not enough,
>|we must do."
>| -Bruce Lee

--
Ben Lutgens
Sistina Software Inc.
"In the war against terrorism, there are no rear lines. We're all on the
front lines" - William Cohen
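
A more selective variant of the cleanup discussed in this thread, added here as an example and not written by any of the posters: it moves only the .eml files that contain the readme.exe marker into a quarantine directory and leaves other saved mail alone. The function name, the MARKER variable, the quarantine layout and the use of grep -a in place of strings are assumptions; file names containing newlines are not handled.

```shell
#!/bin/sh
# Added example: quarantine only the .eml files that carry the marker
# described in the thread, rather than deleting every *.eml on the share.
# MARKER and both directory arguments are assumptions for illustration.
MARKER='readme.exe'

# quarantine_eml SHARE_ROOT QUARANTINE_DIR
# Prints the number of files moved; .eml files without the marker stay put.
quarantine_eml() {
    root=$1
    qdir=$2
    mkdir -p "$qdir" || return 1
    list=$(mktemp) || return 1
    # -xdev stays on one filesystem; -type f skips symlinks and directories.
    # The quarantine directory is pruned in case it lives under the share.
    find "$root" -xdev -path "$qdir" -prune -o \
        -type f -iname '*.eml' -print > "$list"
    n=0
    while IFS= read -r f; do
        # -a reads binary data as text (stand-in for strings | grep),
        # -i ignores case, -F matches the marker as a fixed string.
        if grep -a -i -q -F -- "$MARKER" "$f"; then
            # Flatten the path into the name so same-named files do not collide.
            dest="$qdir/$(printf '%s' "$f" | tr '/' '_')"
            mv -- "$f" "$dest" && {
                n=$((n + 1))
                # Record the original location for later review or restore.
                printf '%s\n' "$f" >> "$qdir/quarantine.log"
            }
        fi
    done < "$list"
    rm -f -- "$list"
    echo "$n"
}
```

Call it as `quarantine_eml /share /var/quarantine`, then review quarantine.log before deleting anything.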