If you plan on emailing all your users that are infected, I would ensure that you put "YOU COULD BE INFECTED" or something simular, or your call centers will be bombarded with people that have already cleaned their systems. Barry ----- Original Message ----- From: "Simon Lyall" To: Sent: Friday, August 29, 2003 11:34 AM Subject: [nznog] Blaster.D/Nachi Worm. Infected NZ IPs

As part of tracing our customers infected with the Blaster D, Nachi worm

[1]

I've been go through our traffic logs.

A side effect of this is that it's really easy for me to get a list of NZ ip's that appear to be infected and that have pinged our customers.

If anyone [2] is interested in a copy I'd be happy to send them one.

Format will be:

<Epoch Time><space><ip>

ie:

1062069861 23.81.23.21 1062069939 156.74.132.12

Send me an email if interested. I can probably do last night and some of this morning. 2 hours worth of last night was approx 400 different ips.

[1] This one:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSBLAST .D

[2] Network or abuse admins I mean, not other people who may be on the

list.

-- Simon Lyall. | Newsmaster | Work: simon.lyall(a)ihug.co.nz Senior Network/System Admin | Postmaster | Home: simon(a)darkmere.gen.nz Ihug Ltd, Auckland, NZ | Asst Doorman | Web:

http://www.darkmere.gen.nz

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog