-
March 11th, 2003, 10:22 PM
#1
Possible New Variant of Code Red
Note below clipped from notification received by e-mail
-----Original Message-----
From: Russ [mailto:Russ.Cooper@RC.ON.CA]
Sent: Tuesday, March 11, 2003 1:28 PM
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: Alert: New Code Red F worming its way through the 'net
FYI, at 10:15am EST this morning WormCatcher detected a new variant of Code
Red, called Code.Red.F, worming its way through hosts from Finland, the
U.S., and Australia. Since then it has continued, slowly, infecting more
hosts around the globe.
The infection method is the same as the original Code Red, so the
protections are the same;
- Remove IIS from the box completely
- Remove Script Mappings, particularly .IDA mappings
- Patch (MS01-033)
Too bad ISPs don't block access to attacking IIS boxes the way they did with
Slammer. This version appears to eliminate or change the drop-dead date that
previous versions of Code Red had.
If you're interested in WormCatcher, check out;
http://www.ntbugtraq.com/wormcatcher.asp
Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor "My
thoughts are facts in my world, opinion to you. YMMV"
Some other information indicates the following possibilities
the cutoff date may have been removed
the string is slightly different
-
March 11th, 2003, 10:43 PM
#2
the same people with the same unpatched servers. maybe the virus writers would do the world a favor and swipe the hard drives of these morons clean and leave our bandwidth alone. what has it been three years now? they have no interest in patching.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
March 11th, 2003, 11:23 PM
#3
I have to agree. I find it very disheartening that the IT job market is declining, yet we continue to see time and time again that there are too many ignorant Admins out there who refuse to patch and take the necessary precautions. But then again, if their bosses were educated enough to know their Admins were ignorant and lazy, there'd be more jobs available...
Originally posted here by Tedob1
the same people with the same unpatched servers. maybe the virus writers would do the world a favor and swipe the hard drives of these morons clean and leave our bandwidth alone. what has it been three years now? they have no interest in patching.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|