[TriLUG] Battleing new IIS worm - appreciate ANY help!

jeremyp at pobox.com jeremyp at pobox.com
Tue Sep 18 13:02:13 EDT 2001


NTBugTraq says to immediately disconnect any infected IIS boxen, as
they're just learning the scope, and don't yet know how to disinfect.

Apparently it tries to spread via Windows shares, sends email to infect OE
users, attacks other servers code-red style, and modifies web pages with
the OE exploit as well.  Nasty thing, and it started at the one-week
anniversery of the bombings. See NTBugTraq archives for more info, plus
there's stuff on Symantec's web site.

I haven't had any huge network problems from it; Apache of course just
404s everything, so the worst problem is filling up logs.  But I know you
have a big server farm -- is the added traffic your big problem?

--Jeremy

On Tue, 18 Sep 2001, Jon Carnes wrote:

> Yah its off topic...
> 
> Jon
> 
> _______________________________________________
> TriLUG mailing list
> http://www.trilug.org/mailman/listinfo/trilug
> 




More information about the TriLUG mailing list