Duane, Thanks for the pointer. So far I have not found any "*.eml" in my servers. http://www.mandrakeforum.com/article.php?sid=1205&lang=en says that "This worm distributes itself not via email and SMB shares, but also via Internet Explorer when visiting infected webservers. " Does it get to the linux boxes via SMB? dc On Sat, 10 Nov 2001, Patrick Duane Dunston wrote: > To: security-discuss@linuxsecurity.com > Subject: Re: Question about .eml files I am finding > > > I am finding files on my filesystem mostly where apache has access and I have no clue why they are showing up on my server nor can I find any information in my logs > > > > Here is the Directory Listing > > > Here are a couple of emails I found. Does this apply to your setup? > > > I found this info on the web: > > http://lugwash.washtenaw.cc.mi.us/linux-users/2001-09/msg00123.html > http://www.mandrakeforum.com/article.php?sid=1205&lang=en > > If not then start preparing to audit your machine for a potential > intrusion attempt. > > http://www.cert.org/tech_tips/intruder_detection_checklist.html > http://www.cert.org/tech_tips/root_compromise.html > > > -- > duane David Correa RHCE CCNA _ _ _ _ _ _ _ _ ___ ____ ____ _ _ tech@linux-tech.com | | |\ | | | \/ | |___ | |__| http://www.linux-tech.com |___ | | \| |__| _/\_ | |___ |___ | | ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.
