I immediately disconnected and reinstalled Norton Internet Firewall, which I had to remove last week while writing a book (a section on installing software to protect yourself from Internet abuse, no less).

Using the Guest account, the intruder dropped the files in a couple of shared folders I had left open that contained nothing but a few sample JPGs and WMA files that came with XP. I can't make any sense of the names of the files they gave me: dsc00004.eml, dsc00007.nws, einstein.eml, grid.eml and pre school songs.eml. I'm hoping they were sent to me by an automated process, since Nimda can spread via open shares like the one I was briefly offering the world. However, none of the filenames showed up in a Google search, which I would've expected if they were being routinely used to infect new computers. Does Nimda really copy a few randomly selected files into a shared folder hoping that the user will open them at some point and spread the worm?

Adding further insult, I also was sharing my fax machine -- which had some personal information in recent faxes I wouldn't want to share with a script kiddie.

2002/06/03 · 0 COMMENTS · Link

Add a Comment

All comments are moderated before publication. These HTML tags are permitted: <p>, <b>, <i>, <a>, and <blockquote>. This site is protected by reCAPTCHA (for which the Google Privacy Policy and Terms of Service apply).