[42715] in North American Network Operators' Group


RE: Nimda & Yahoo

daemon@ATHENA.MIT.EDU (Craig Holland)
Wed Sep 19 12:48:56 2001

From: "Craig Holland" <cholland@yahoo-inc.com>
To: "Bill Larson" <blarson@compu.net>, <nanog@nanog.org>
Date: Wed, 19 Sep 2001 09:48:02 -0700
Message-ID: <IHEJLPADLAODAPGDBHGIEEOPCOAA.cholland@yahoo-inc.com>
In-Reply-To: <000b01c14127$abfd03a0$2223f8d8@compu.net>
Errors-To: owner-nanog-outgoing@merit.edu



We are already working on it.  We pushed out virus updates yesterday and
have started tracking/killing all Nimda flows.  Damn thing spreads too
quickly.

Thanks for your concern.

craig
Yahoo! Inc.
Network Engineer
Y!Messenger: cholland
  -----Original Message-----
  From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Bill Larson
  Sent: Wednesday, September 19, 2001 9:25 AM
  To: nanog@nanog.org
  Subject: Nimda & Yahoo


  Well, it looks as if the Yahoo Corporate network is infected.

  hilla.corp.yahoo.com - [19/Sep/2001:11:22:10 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 280 "-" "-"

  If anyone from Yahoo is reading this list you might want to start scanning systems.

  ---
  Bill Larson
  Network Administrator
  Compu-Net Enterprises

