A new worm has been discovered (source: the securityfocus.org mailing list). This is posted as a complement to the article below, and because the situation looks more serious than it was with Code Red:

This worm launches roughly fifteen attacks per scanned machine (I'll let you imagine the network traffic 😉)

When will M$ take responsibility for the fiasco that is IIS? ;p

This is not good. http://www.amariplastics.com/ tries to run/download the readme.eml worm/trojan/thing when you browse it. It looks like their website has been tampered with or something as the last 3 lines of the HTML source read:

which does exactly what it looks like.

Please be careful, one of the chaps here said it AUTOMATICALLY downloaded and ran the file. My machine asked me what to do. I said CANCEL, and so should you.

A couple things I seem to be seeing:

Infected hosts do what appears to be a netscan. Infected hosts produce an INSANE amount of ARP traffic. Also I’m keying on the following file

So far I seem to be finding the infected machines. Can anyone else out there confirm the ARP traffic correlation?
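One way to check the ARP correlation described above, as an added example that is not part of the original posts: it counts how many distinct addresses each host sends ARP requests for, so a host sweeping the subnet stands out from one that is merely chatty. The tcpdump-style sample lines, the addresses and the threshold of 20 are constructed assumptions.

```python
import re
from collections import defaultdict

# tcpdump text output for an ARP request looks like:
#   12:00:01.000001 ARP, Request who-has 10.0.0.5 tell 10.0.0.23, length 46
ARP_REQ = re.compile(
    r"ARP, Request who-has (\d+(?:\.\d+){3})(?: \([0-9a-fA-F:]+\))?"
    r" tell (\d+(?:\.\d+){3})")

def arp_targets_by_sender(lines):
    """Map each requesting IP to the set of distinct IPs it asked about."""
    targets = defaultdict(set)
    for line in lines:
        m = ARP_REQ.search(line)
        if m:
            target, sender = m.groups()
            targets[sender].add(target)
    return targets

def suspected_scanners(lines, min_distinct=20):
    """Senders that ARP for at least min_distinct different addresses.

    min_distinct is an assumed threshold; tune it to the subnet size.
    """
    counts = {s: len(t) for s, t in arp_targets_by_sender(lines).items()}
    hits = [s for s, n in counts.items() if n >= min_distinct]
    return sorted(hits, key=lambda s: -counts[s])

def build_sample():
    """Constructed tcpdump-style lines: one sweeping host, two ordinary ones."""
    req = "12:00:{:02d}.000001 ARP, Request who-has {} tell {}, length 46"
    # 10.0.0.23 asks for 60 different addresses (the sweep pattern).
    lines = [req.format(i % 60, f"10.0.0.{i}", "10.0.0.23") for i in range(1, 61)]
    # 10.0.0.7 is noisy but only ever asks for its gateway.
    lines += [req.format(i, "10.0.0.1", "10.0.0.7") for i in range(30)]
    lines.append(req.format(31, "10.0.0.1", "10.0.0.9"))
    # Non-request traffic that the parser must ignore.
    lines.append("12:00:32.000001 ARP, Reply 10.0.0.1 is-at 00:11:22:33:44:55, length 46")
    lines.append("12:00:33.000001 IP 10.0.0.9.1042 > 10.0.0.1.80: Flags [S], length 0")
    return lines

if __name__ == "__main__":
    for host in suspected_scanners(build_sample()):
        print("possible scanner:", host)
```

Counting distinct targets rather than raw request volume keeps a host that repeatedly re-resolves its gateway off the list.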

We obtained a virus update from Symantec and started scanning our systems. Norton Anti-Virus has been finding numerous infected exe’s including wordpad.exe and many other executables. 🙁

NAV is unable to clean the files and can only quarantine them 🙁

Enjoy rebuilding your servers 🙁
