[TriLUG] Battleing new IIS worm - appreciate ANY help!

Mike Johnson mike at enoch.org
Tue Sep 18 14:56:07 EDT 2001


Jon Carnes [jonc at nc.rr.com] wrote:

> Not here.  They don't have the rights to do such a thing, and I force the
> webteam to use FTP for publishing.

Er, I think you missed what I was trying to say.  This is (of course)
an internet wide worm.  If your users use Outlook and someone sends
them a copy of the virus and they open it...  The think attacks websites
(anywhere), and if it compromises the server, it adds a bit of javascript
that will try and download a copy of the virus from the compromised
server.  Due to other bugs, this thing will be executed if they're
using IE.  Once it's executed, they're infected again.

It gets worse.  Basicly, if you've got users running IE and/or
Outlook, I feel for you.

Mike
-- 
Never trust a man who puts anything other than a finger up his nose. - _Snatch_



More information about the TriLUG mailing list