[Esd-l] Fw: New Virus/Worm email

Strata Rose Chalup strata at virtual.net
Wed Sep 19 11:04:01 PDT 2001


Thanks for the squid config info.  I have added it to a
page on NIMDA blocking methods that I'm keeping, mostly
scraped from the nanog list:

http://kgate.virtual.net/cgi-bin/wiki.cgi?action=Browse&id=NIMDAWormBlocking

SRC

"John D. Hardin" wrote:
> 
> On Tue, 18 Sep 2001, Jeffrey S. Gavin wrote:
> 
> > I've read that this particular worm (W32.Nimda.A@mm) will try to
> > download itself when a user visits a compromised web server.  More info
> > can be found at:
> >
> > http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html
> 
> I posted this to the dshield mailing list. Here it is if anyone finds it useful...
> 
> Squid ACLs to hopefully prevent this attack on your users:
> 
> In /etc/squid.conf:
> 
>    acl POISONEDURL  url_regex -i "/etc/squid/URL-Blacklist"
>    http_access deny POISONEDURL
> 
> In /etc/squid/URL-Blacklist:
> 
>    readme.exe$
>    readme.eml$
>    /admin.dll
>    /winnt/system32/
> 
> Whenever URL-Blacklist changes, poke squid with "squid -k reconfigure"
> 
> NB: The firewall protecting my company's Class C was logging three to
> five attacks *per second* this afternoon. It's not logging them any
> longer, as the system load was simply too much for that little box.
> 
> --
>  John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
>  jhardin at impsec.org        pgpk -a finger://gonzo.wolfenet.com/jhardin
>   768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76
>  1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
>   In 1998 more than three times as many people in the US were killed
>   by incompetent physicians than were killed by handguns, yet the
>   President of the A.M.A. is adopting "gun safety" as his platform.
> -----------------------------------------------------------------------
>    1141 days until the Presidential Election

-- 
========================================================================
Strata Rose Chalup [KF6NBZ]                      strata "@" virtual.net
VirtualNet Consulting                            http://www.virtual.net/
 ** Project Management & Architecture for ISP/ASP Systems Integration **
=========================================================================
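
Added example (not part of either post, and not Squid's own code): a Python check of which requests the four URL-Blacklist patterns quoted above would deny. It assumes Python's `re` behaves like Squid's case-insensitive `url_regex` for these simple patterns; the sample URLs are constructed.

```python
import re

# The four patterns exactly as posted for /etc/squid/URL-Blacklist.
BLACKLIST = r"""
readme.exe$
readme.eml$
/admin.dll
/winnt/system32/
"""

def load_patterns(text):
    """One regex per non-blank line, compiled case-insensitively (the ACL's -i)."""
    return [re.compile(line.strip(), re.IGNORECASE)
            for line in text.splitlines() if line.strip()]

def matching_pattern(url, patterns):
    """url_regex searches the whole URL unanchored; return the first hit or None."""
    for pattern in patterns:
        if pattern.search(url):
            return pattern.pattern
    return None

def audit(urls, patterns):
    """Map each URL to the pattern that would deny it (None = request allowed)."""
    return {url: matching_pattern(url, patterns) for url in urls}

# Constructed sample requests; hosts use the reserved example.com domain.
SAMPLE_URLS = [
    "http://www.example.com/readme.eml",
    "http://www.example.com/README.EXE",
    "http://www.example.com/scripts/Admin.dll",
    "http://www.example.com/winnt/system32/placeholder.bin",
    "http://www.example.com/docs/readme.html",
    "http://www.example.com/readme.eml?v=1",    # '$' anchor: not matched
    "http://www.example.com/files/readme_exe",  # unescaped '.': matched
]

if __name__ == "__main__":
    for url, hit in audit(SAMPLE_URLS, load_patterns(BLACKLIST)).items():
        print(f"{'DENY ' if hit else 'ALLOW'} {url}  [{hit or '-'}]")
```

The last two sample rows mark the edges of the list as posted: the unescaped `.` also matches `readme_exe`, and the `$` anchor means a URL with a query string after `readme.eml` is not matched.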