[TCLUG] New Worm based on Code Red? [Fwd: Re: Code Red 2 infecting one ofyour systems]

Tue Sep 18 10:32:19 CDT 2001

Mike Hicks <hick0088 at tc.umn.edu> wrote:
> 
> Dave Sherman <dsherman at real-time.com> wrote:
> > 
> > Anybody hear of a new worm based on Code Red? This guy that I am
> > talking to seems to think so.
> 
> Yes, I just got two copies this morning.

Actually, I should be more careful about what I say.  It doesn't actually
follow the signature of Code Red, which will GET default.ida?XXXX... or
default.ida?NNNN...

This one appears to use other vulnerabilities, but to the same effect.

Are IIS updates available through http://windowsupdate.microsoft.com/ ? 
They really should be, if they aren't..

If you run a Windows box, you should visit there every week.  If you run a
Windows server, visit every day.

-- 
 _  _  _  _ _  ___    _ _  _  ___ _ _  __   I do not fear computers. 
/ \/ \(_)| ' // ._\  / - \(_)/ ./| ' /(__   I fear the lack of them. 
\_||_/|_||_|_\\___/  \_-_/|_|\__\|_|_\ __)                             
[ Mike Hicks | http://umn.edu/~hick0088/ | mailto:hick0088 at tc.umn.edu ]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20010918/03135603/attachment.pgp