From: "Geo" 

You might want to tell serverguy about something I saw.

One of our downstream ISP's got hit by a worm on a DNS server (the PnP
exploit thing) an they thought they cleaned it but the next night it
started spamming. About that same time their second dns server probed one
of my machines on ports 139, 445, and (I forget now) either 6101 or 7101
which I thought a bit strange. So I checked it out and it turned out to be
the backup exec agent port.

When I told them about it they checked both machines and found both to have
been rooted and both were fully patched except for the backup agent.

So, either there is a worm that's hitting the backup exec exploit or the
spammers are actively compromising machines using a backup agent exploit.
Either way it's now patch or die, times up.

Geo.

"Ellen K."  wrote in message
news:j73ig11stv4kcpkjvaq5sp0jq3avbvt8c8{at}4ax.com...
> I sent this to our systems guys when I got it also, no idea whether they
> pay attention when I forward stuff, but...
>
> Meanwhile today when I tried to use our webmail, IE kept trying to go to
> an address in the 10.xxx.xxx.xxx range (the one it tried to go to is in
> fact the internal address of our mailserver) so of course I kept getting
> "the page cannot be displayed"...   After investigating, ServerGuy
> reported that the Veritas agent had hung a file on the mailserver while
> trying to back it up and that this supposedly caused the problem.
>
> 
>

--- BBBS/NT v4.01 Flag-5