Hi, As you're aware, the ARIS worm is spreading real fast on the Internet. My dial-up machine has received nearly 200 ARIS probes from infected machines since this morning, in about 6 hours of uptime.
SecurityFocus has set up an ARIS notification address. They will notify the administrators of infected systems given the IPs of these systems, which will help curb the spread of the virus.
This is a request to please cull your HTTP logs (if you're running HTTPD) and send the appropriate information to SecurityFocus. The command to do this is:
    fgrep ".ida?XXXXX" /var/log/httpd/access_log | \
      cut -d" " -f1,4,5 | \
      sed -e 's/[][]//g' | \
      Mail -s "ARIS Infection Report from httpd access_log" aris-report@securityfocus.com
[Line may have wrapped]
This would work on a RH 6.2 system. Please use the appropriate path to your Apache logfile for other systems.
Regards,
PM
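
Added example, not part of the original message: a way to review what the pipeline above would report before mailing it, summarising the ".ida?XXXXX" probes per source address with a hit count and first/last timestamp. It takes the timestamp from the bracketed field rather than by column position, so a log line whose user field contains a space still parses. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Summarise ".ida?XXXXX" probes per source address from an Apache
# common/combined-format access log. Added example; names are hypothetical.

# Constructed sample lines (documentation address ranges), not real log data.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [19/Jul/2001:09:14:02 -0400] "GET /default.ida?XXXXXXXXXX HTTP/1.0" 404 205
198.51.100.7 - - [19/Jul/2001:09:20:41 -0400] "GET /index.html HTTP/1.0" 200 1432
192.0.2.10 - - [19/Jul/2001:11:47:30 -0400] "GET /default.ida?XXXXXXXXXX HTTP/1.0" 404 205
203.0.113.5 - bob smith [19/Jul/2001:10:03:55 -0400] "GET /default.ida?XXXXXXXXXX HTTP/1.0" 404 205
EOF
}

# summarize_probes [FILE...]
# Reads the named log files (or stdin) and prints one tab-separated line per
# source address: address, probe count, first timestamp, last timestamp.
summarize_probes() {
    # grep -F is the same fixed-string match as fgrep; -h drops file names.
    grep -hF '.ida?XXXXX' "$@" | awk '
    {
        # The timestamp is whatever sits between the first "[" and "]".
        i = index($0, "["); j = index($0, "]")
        if (i == 0 || j <= i) next          # malformed line: skip it
        ts = substr($0, i + 1, j - i - 1)
        if (!($1 in n)) first[$1] = ts      # log is in time order
        n[$1]++
        last[$1] = ts
    }
    END {
        for (ip in n)
            printf "%s\t%d\t%s\t%s\n", ip, n[ip], first[ip], last[ip]
    }' | LC_ALL=C sort
}

# Stand-alone run on the constructed sample. On a real system, pass the log
# path instead, e.g. summarize_probes /var/log/httpd/access_log
sample_log | summarize_probes
```
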