Subject: Re: Virus Intrusion Attempt Via Your Network! (KMM103171C0KM)
From: Pacbell
Date: Tue, 30 Oct 2001 14:39:45 -0600
To: firebird@digitaldaemon.com

Thanks for writing in regards to the Nimba Virus. As you probably know,
details regarding this malicious code are available at:

http://www.cert.org/advisories/CA-2001-26.html

Certainly this worm is a major headache for the Internet community in
general and for anyone who runs servers in particular. Pacbell
Internet-operated servers (the few that run Windows operating systems) 
are appropriately patched and secure.

We appreciate your writing to alert us of your situation and what you
have learned. We are concerned and are contacting owners of infected 
servers when it is appropriate for us to do so.

We will not be able to keep you apprised of progress in any individual
matter which you have raised.



----------------------------
Pacific Bell Internet
Policy Department
abuse@pacbell.net
----------------------------



Original Message Follows: 
-------------------------

A virus intrusion attempt via your network IP 63.194.243.234
has been made to IP 63.105.9.55 domain www.surfsmurf.net.

A Nimda intrusion attempt was made against www.surfsmurf.net:
   Remote IP Address : 63.194.243.234, Port : 1502
   Server IP Address : 63.105.9.55, Port : 80
   Request URI : /scripts/root.exe?/c+dir
   Time : Tue Oct 30 13:23:59 2001 (EST)

Please advice your user or customer that their system has been
compromised and is actively being used as launch point for attacking
other systems!

Thanks for taking the appropriate action in this matter.

Sincerely,
FireBird

http://www.digitaldaemon.com/FreeBSD/firebird/