For those that don't know....Nimda was and is one of the worst viruses to hit. I actually got infected w/ it by going to a site that supposedly tested for if you were vulnerable to Nimda. The site itself was infected. And to make matters worse, even though my Norton was updated to the current date of my test--the virus def's hadn't yet included Nimda. So about a week later, I got some corrupt files, and I went to Panda's testing website, and found out I had been killed. Not only that but my server, and all my installation scripts were fubarred. Can you say----no backup. I bought a tape backup the next day. I also quit using Norton for good based on that, and went w/ Panda ever since.
Well, about a month later (I used to have a static IP and host a support website at home)....I noticed my IIS Server was getting hammered by an IP in the same subnet as my ISP's. I mean getting rocked. And when I checked the logs, I could tell it was a Nimda attack. (all the _vti_prvt calls....). After finding the ISP of the guy was my ISP (Road Runner)...I emailed Road Runner to inform them. A few days later, the ppl I support started complaining that they couldn't access my website---and again I found out it was the same IP that was hammering me. So, by this time, I had read up on Nimda, and knew that it gave admin privileges to the Guest account.
So---as a guess---I figured the OS was W2K----I just browsed to the IP Address/C$---and used guest as the login and it worked. So---I just left a note (.txt) for him on his desktop explaining his computer was unknowingly attacking me----and that he had Nimda. I also included a link for the latest online scanners to detect it, as well as a link for the Nimda fix from Panda. 2 days later the attacks from his IP were over.
I didn't browse his computer-----I merely went straight for the all users/desktop folder and left the text file in there. But can you imagine waking up one morning to find a text document that you hadn't created with the words--"YOU HAVE A VIRUS.txt". I even left him my hotmail account but he never emailed me. Anyway---it still makes me laugh----but also, I use it as a constant reminder just how f'd up you can get if you don't update Winders, patch your servers---and make sure you have the latest virus definitions. I was and am still blown away that that virus opened up your computer that bad.
Anyway---just thought I'd share. A few days later, I was getting hammered again by a diff't IP, and it made me drop my static IP and move my support web site to a host.....I'm glad I don't work on servers---especially M$ft servers---but Linux servers as well. It's got to be a tough job to keep a big site up and running right----especially with so many infected computers just hammering your IP looking for exploits.
