Fri, 19 Sep 2003
Grr
So. I bugger off for most of a week, buy a car, drive around
large chunks of Yorkshire and Lancashire, finally get home
dog-tired and in need of a bath, then log on to check my
email. And what do I find? Another Microsoft-specific worm,
the Swen-A (aka Gibe-F).
It's so prolific that it's hammering my mail server --
about 330 copies received since it first started up yesterday
-- and each copy runs to 140Kb or more in size. The
SpamAssassin system is catching them but they're coming so
thick and fast that this puny little server can't reclaim
memory from terminated SpamAssassin scripts fast enough to
keep up. With results like this (in UNIXese):
    [root@raq981 /root]# w
    6:27pm up 73 days, 23:24, 2 users, load average: 59.08, 60.54, 63.32
    USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
    charlie pts/0 82.41.202.133 6:13pm 3.00s 0.44s 0.08s sh
    root pts/1 82.41.202.133 6:14pm 39.00s 0.44s 0.23s w
The key indicators are the three decimal numbers after "load
average" -- the instant, one minute, and five minute load
ratings. A load average of 1.00 means the machine has one job
waiting to run for each CPU. A load average of 59 means the
machine is staggering along sluggishly, with 59 jobs tapping
their fingers impatiently as it hurries to keep up.
Yes, Windows viruses can totally fuck a UNIX server up
beyond recognition. All it takes is enough of them.
(Now writing procmail rules to bin the bastards on sight,
rather than relying on the accurate but memory-hungry
SpamAssassin. Gaah. Where's my bath?)
posted at: 19:11