anonymous
Tue Sep 14 12:57:34 CDT 2004
Mike -
We have 500+ sites, 50,000+ nodes, and countless users.
So what you're saying, and asking (while I know already
it's the right thing to do) is impossible. What I'm
asking for are tricks smoeone's tried that have worked.
w00t
>-----Original Message-----
>I guess first thing that you can do is disconnect your
network to stop the
>spreading. Then you can start cleaning your computers.
Next thing you can do
>is change your administrator passwords. Then all your
users will have to
>change their passwords... etc...
>
>Make sure that you block TCP port 5190 on any device that
can do this for
>you (routers, firewalls, ...)
>
>
http://securityresponse.symantec.com/avcenter/venc/data/w3
2.hllw.anig.html
>
>Mike
>
>"w00t" <anonymous@discussions.microsoft.com> wrote in
message
>news:1ee701c49a6a$adaaf690$a301280a@phx.gbl...
>> Hello - Does anyone have any good ways to trap the Anig
>> worm in a large-scale environment? (30,000+ users)?
>> Apparently it's snagged one of our Domain Admin
>> credentials, and it's spreading like mad cow disease in
>> the UK.
>>
>> :) Thanks in advance.
>
>
>.
>