-----BEGIN PGP SIGNED MESSAGE----- Kai Schlichting wrote:
On another operational note: I am seeing a vastly swelling number of customers falling victim to the NETWORK.VBS worm: a simple VB script that first scans surrounding network space for open, writable windows shares (and replicates by copying itself into a shared C:\ drive, if such drive is shared), then goes on to randomly scan /24's , where the 3 first octets of the IP number are random: this is generating boatloads of violations in my "no RFC1918 in or out" filters (and this is how this came to my attention).
We've been getting reports of network.vbs since about 2/24. There is a CERT Incident Note discussing network.vbs and the general need to secure unprotected Windows networking shares. http://www.cert.org/incident_notes/IN-2000-02.html You are welcome to use it as a reference with customers. Kevin -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQCVAwUBOMgULVFO4fmE3w/VAQFw8gQAhIloQWbHy0mkrck6w54tUTnHxjkPDCFH P0B27FbF/ok/yfPnLeUymVP/Vt3ptoSVs38bl/mP1BX83osix9JweFpapZZV+sVn Uu6BFfIDCv/o3h3NuQiprWmaJjtCzi1kNfqHM6hLxrbTNqo4Evzd+t5MY8+fncwX OthSzyq5geA= =Eqay -----END PGP SIGNATURE-----