[69402] in North American Network Operators' Group
Re: worm information
daemon@ATHENA.MIT.EDU (ravi pina)
Sat Apr 10 14:32:02 2004
Date: Sat, 10 Apr 2004 14:30:29 -0400
From: ravi pina <ravi@cow.org>
To: Darrell Greenwood <lists2@telus.net>
Cc: 'nanog list' <nanog@merit.edu>
Reply-To: ravi@cow.org
In-Reply-To: <p06020407bc9dead98751@[10.0.1.2]>
Errors-To: owner-nanog-outgoing@merit.edu
On Sat, Apr 10, 2004 at 11:19:19AM -0700, Darrell Greenwood said at one point in time:
>
> On 04/4/10 at 1:53 PM -0400, Jeff Workman wrote the following :
>
> >http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.um.htm
>
> File Not Found... 'l' missing from end of 'htm'.
>
> http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.um.html
this is correct. my organization has been infected with this
and it is a particular nasty little bugger. we may have been
'patient 0' in terms of sending copies of the virus to symantec
so they could write signatures for it. infected hosts flood
the network with a tremendous amount of data and port opening.
i at least manged to quarantine off all my vpn devices which
seemed to be the entry point.
-r
