Hi,

As you're aware, the ARIS worm is spreading real fast on the
Internet. My machine has received nearly 400 ARIS probes from
infected machines since this morning, in about 6 hours of uptime.

SecurityFocus has set up an ARIS notification address. They will
notify the administrators of infected systems given the IPs of these
systems, which will help curb the spread of the virus.

This is a request to please cull your HTTP logs (if you're running
HTTPD) and send the appropriate information to SecurityFocus. The
command to do this is:

    fgrep ".ida?XXXXX" /var/log/apache/access_log | \
        cut -d" " -f1,4,5 | \
        sed -e 's/[][]//g' > aris.txt

Mail to:
subject: "ARIS Infection Report from httpd access_log"
email id: aris-report@×××××××××××××.com

[Line may have wrapped]

This would work on a Gentoo system. Please use the appropriate path
to your Apache logfile for other systems, and you can pipe the output to the mail command.

Regards,

pm
--
Developer <pm@g.o>
Gentoo Linux http://gentoo.org

#exclude <windows.h>
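
An added example, not part of the original message: the same match as the fgrep pipeline above, collapsed to one line per source address with a hit count and the first and last timestamps, so a host that probes repeatedly is reported once. It assumes Apache Common Log Format; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes Apache Common Log Format:
# field 1 = client address, fields 4-5 = "[timestamp zone]".

# probe_summary LOGFILE
# Prints one tab-separated line per source address, in order of first
# appearance: address, hit count, first seen, last seen.
probe_summary() {
    awk '
        index($0, ".ida?XXXXX") {          # fixed-string match, like fgrep
            ts = $4 " " $5
            gsub(/\[|\]/, "", ts)          # drop the brackets, like the sed step
            if (!($1 in hits)) { order[++n] = $1; first[$1] = ts }
            hits[$1]++
            last[$1] = ts
        }
        END {
            for (i = 1; i <= n; i++) {
                ip = order[i]
                printf "%s\t%d\t%s\t%s\n", ip, hits[ip], first[ip], last[ip]
            }
        }
    ' "$1"
}

# sample_log: constructed log lines (documentation addresses, made-up times).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [05/Aug/2001:10:01:02 +0000] "GET /default.ida?XXXXXXXXXXXX HTTP/1.0" 404 205
198.51.100.7 - - [05/Aug/2001:10:03:15 +0000] "GET /index.html HTTP/1.0" 200 1043
198.51.100.23 - - [05/Aug/2001:10:05:44 +0000] "GET /default.ida?XXXXXXXXXXXX HTTP/1.0" 404 205
192.0.2.10 - - [05/Aug/2001:10:07:30 +0000] "GET /default.ida?XXXXXXXXXXXX HTTP/1.0" 404 205
EOF
}

# Demo run on the constructed sample.
demo_log=$(mktemp)
sample_log > "$demo_log"
probe_summary "$demo_log"
rm -f "$demo_log"
```

To use it on a real server, call `probe_summary` with the path to your own access log and redirect the output to a file for the report.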