[205] in Security FYI
[Security-fyi] New worm activity
daemon@ATHENA.MIT.EDU (Bob Mahoney)
Tue Aug 19 10:48:15 2003
Mime-Version: 1.0
Message-Id: <p05200f09bb67dfff6470@[66.93.190.33]>
Date: Tue, 19 Aug 2003 10:32:40 -0400
To: security-fyi@MIT.EDU, itpartners@MIT.EDU, ilg-net-contacts@MIT.EDU,
rcc@MIT.EDU
From: Bob Mahoney <bobmah@MIT.EDU>
Content-Type: text/plain; charset="us-ascii"
cc: Security Team <security-internal@MIT.EDU>
Errors-To: security-fyi-bounces@mit.edu
A brief note on our current situation...
We've had over 300 new compromises in the last 18 hours, via a new worm variant exploiting the existing Windows RPC vulnerability. Many of these machines have not yet been dealt with, and are still active.
We are working with other teams in IS to respond to the load, but response will be slower than usual, and we ask your patience.
We will have new information out to the above lists later this morning, on some host configuration changes that will assist users working to recover. Currently, the time needed to patch machines returning to the network often takes longer than the worm needs to reinfect the just-reformatted machine...
More information will follow shortly, please bear with us.
-Bob Mahoney, for security@mit.edu
_______________________________________________
Security-fyi mailing list
Security-fyi@mit.edu
http://mailman.mit.edu/mailman/listinfo/security-fyi
