Alert: Check your IIS boxes now!

From: Russ (Russ.Cooper@RC.ON.CA)
Date: 09/18/01

Previous message: Russ: "Re: Alert: Some sort of IIS worm seems to be propagating"
Next in thread: Ben Koshy: "Reducing your Outbound Bandwidth"
Reply: Ben Koshy: "Reducing your Outbound Bandwidth"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Message-ID:  <E9A01F52DC939448BBDE44ED2E1C468F1F14CF@muskie.rc.on.ca>
Date:         Tue, 18 Sep 2001 12:27:41 -0400
From: Russ <Russ.Cooper@RC.ON.CA>
Subject:      Alert: Check your IIS boxes now!
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

-----BEGIN PGP SIGNED MESSAGE-----

Numerous people have reported that on IIS servers infected with
w32.nimda.amm, when visitors browse to their website the visitor is
offered up README.EML, which in turn downloads README.EXE to the
visitor.

Please, check your IIS boxes now to see if you are infected. I've had
reports of IIS servers with more than 10,000 .eml files present
(mostly as a result of nimda).

While we don't have any conclusive disinfecting procedures yet, any
IIS box that has been infected definitely shouldn't be available to
clients until we do.

Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.2

iQCVAwUBO6d1/RBh2Kw/l7p5AQEk4AP+N4foFCyTyBb9nzILJPULLWcEvItbbvm+
Td9+lGUTjvmxbH8dTZ+ITddraZGyD+FDo9fdCGT+XZilSInvhihN1OVE70NgUFPI
5lCm/mTiBExXvos8o61fCzzL9rJ2nCW47Wx1WX//2LHhg740actR+XV0TPQqG1Rw
+6PAR+SPMJc=
=k/xS
-----END PGP SIGNATURE-----

============================================================================
Delivery co-sponsored by Trend Micro, Inc.
============================================================================
TREND MICRO SCANMAIL FOR EXCHANGE 2000 -- SECOND to NONE

If you are worried about email viruses, you need Trend Micro ScanMail for
Exchange. ScanMail is the first antivirus solution that seamlessly
integrates with the Microsoft Exchange 2000 virus-scanning API 2.0. ScanMail
ensures 100% inbound and outbound email virus scanning and provides remote
software management. Download a FREE 30-day trial copy of ScanMail and find
out why it is the best:
http://www.antivirus.com/banners/tracking.asp?si=8&BI;=240&UL;=/smex2000
============================================================================

Previous message: Russ: "Re: Alert: Some sort of IIS worm seems to be propagating"
Next in thread: Ben Koshy: "Reducing your Outbound Bandwidth"
Reply: Ben Koshy: "Reducing your Outbound Bandwidth"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Alert: Some sort of IIS worm seems to be propagating
... Subject: Alert: Some sort of IIS worm seems to be propagating ... TREND MICRO SCANMAIL FOR EXCHANGE 2000 -- SECOND to NONE ... If you are worried about email viruses, you need Trend Micro ScanMail ...
(NT-Bugtraq)
IIS infection prevention from W32.Nimda.A@mm/TROJ_NIMDA.A
... IIS infection prevention from W32.Nimda.A@mm/TROJ_NIMDA.A ... Go to Microsoft and install UrlScan: ... TREND MICRO SCANMAIL FOR EXCHANGE 2000 -- SECOND to NONE ...
(NT-Bugtraq)
Alert: Some sort of IIS worm seems to be propagating
... There have been numerous reports of IIS attacks being generated by ... TREND MICRO SCANMAIL FOR EXCHANGE 2000 -- SECOND to NONE ...
(NT-Bugtraq)
RE: Unable to View Usage Reports in Server Management
... > Thanks for using the SBS newsgroup. ... Open IIS snap-in. ... Unable to View Usage Reports in Server Management ...
(microsoft.public.windows.server.sbs)
Re: Virtual Directory Access Denied
... may shed a clue about the nature of the 401 and where to look next. ... check the IIS web log for the exact Win32 error code for the non- ... Reports on other Win2k3 server, and do not have this issue. ... virtual directory is set for anonymous access as is the virtual directory. ...
(microsoft.public.inetserver.iis.security)