In the ongoing battle to detect customers' infected machines, I've come across an interesting bit: any machine infected with the Welchia/Nachi worm is left running an open TFTP server. "Open" in that it will accept any file you hand it.
I still don't know if I'm limited to a folder or if I can put it anywhere I want or pull any file I want. I'm going to have to dig out the old VMWare and try it out, I guess.
Post a Comment