[TriLUG] Battleing new IIS worm - appreciate ANY help!

Mike Johnson mike at enoch.org
Tue Sep 18 13:08:16 EDT 2001


Jon Carnes [jonc at haht.com] wrote:
> Yah its off topic...

You'll want to check the Incidents lists at SecurityFocus.

Well, details seem to still be coming in.  This one is a nifty little
hybrid that spreads via e-mail and by attacking systems directly.
It uses obfuscation to try and hide from IDS, and trys to access
the root.exe and cmd.exe left behind by CodeRedII.

Cute, no?

One more time: if you are going to run IIS, you better stay
on top of patches.  If you are going to run Outlook, you better
stay on top of patches.  If you are going to run IE, you better
stay on top of patches (the worm uploads code to the compromised
web servers which will cause anyone using IE to be at risk
when they visit the website).  If you are going to run Windows,
you better stay on top of patches (just thew that one in for
good measure).

Mike
-- 
Never trust a man who puts anything other than a finger up his nose. - _Snatch_



More information about the TriLUG mailing list