| 1 |
Hi, |
| 2 |
|
| 3 |
As you're aware, the ARIS worm is spreading real fast on the |
| 4 |
Internet. My machine has received nearly 400 ARIS probes from |
| 5 |
infected machines since this morning, in about 6 hours of uptime. |
| 6 |
|
| 7 |
SecurityFocus has setup an ARIS notification address. They will |
| 8 |
notify the administrators of infected systems given the IP's of these |
| 9 |
systems, which will help curb the spread of the virus. |
| 10 |
|
| 11 |
This is a request to please cull your HTTP logs (if you're running |
| 12 |
HTTPD) and send the appropriate information to SecurityFocus. The |
| 13 |
command to do this is: |
| 14 |
|
| 15 |
fgrep ".ida?XXXXX" /var/log/apache/access_log | \ |
| 16 |
cut -d" " -f1,4,5 | \ |
| 17 |
sed -e 's/[][]//g' > aris.txt |
| 18 |
|
| 19 |
Mail to : |
| 20 |
subjects: "ARIS Infection Report from httpd access_log" |
| 21 |
email id : aris-report@×××××××××××××.com |
| 22 |
|
| 23 |
[Line may have wrapped] |
| 24 |
|
| 25 |
This would work on a gentoo system. Please use the appropriate path |
| 26 |
to your Apache logfile for other systems and you can pipe the output to mail command. |
| 27 |
|
| 28 |
Regards, |
| 29 |
|
| 30 |
|
| 31 |
pm |
| 32 |
-- |
| 33 |
Developer <pm@g.o> |
| 34 |
Gentoo Linux http://gentoo.org |
| 35 |
|
| 36 |
#exclude <windows.h> |
Archives