[TriLUG] Battleing new IIS worm - appreciate ANY help!
Tue, 18 Sep 2001 13:08:16 -0400
Jon Carnes [firstname.lastname@example.org] wrote:
> Yah its off topic...
You'll want to check the Incidents lists at SecurityFocus.
Well, details seem to still be coming in. This one is a nifty little
hybrid that spreads via e-mail and by attacking systems directly.
It uses obfuscation to try and hide from IDS, and trys to access
the root.exe and cmd.exe left behind by CodeRedII.
One more time: if you are going to run IIS, you better stay
on top of patches. If you are going to run Outlook, you better
stay on top of patches. If you are going to run IE, you better
stay on top of patches (the worm uploads code to the compromised
web servers which will cause anyone using IE to be at risk
when they visit the website). If you are going to run Windows,
you better stay on top of patches (just thew that one in for
Never trust a man who puts anything other than a finger up his nose. - _Snatch_