Alert: New Code Red F worming its way through the 'net
From: Russ (Russ.Cooper@RC.ON.CA)
Date: 03/11/03
- Previous message: Russ: "Alert: New Worm - W32/Deloder on TCP445"
- Next in thread: Randy Hinders: "Re: Alert: New Code Red F worming its way through the 'net"
- Maybe reply: Randy Hinders: "Re: Alert: New Code Red F worming its way through the 'net"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 11 Mar 2003 13:27:32 -0500 From: Russ <Russ.Cooper@RC.ON.CA> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
FYI, at 10:15am EST this morning WormCatcher detected a new variant of
Code Red, called Code.Red.F, worming its way through hosts from Finland,
the U.S., and Australia. Since then it has continued, slowly, infecting
more hosts around the globe.
The infection method is the same as the original Code Red, so the
protections are the same;
- Remove IIS from the box completely
- Remove Script Mappings, particularly .IDA mappings
- Patch (MS01-033)
Too bad ISPs don't block access to attacking IIS boxes the way they did
with Slammer. This version appears to eliminate or change the drop-dead
date that previous versions of Code Red had.
If you're interested in WormCatcher, check out;
http://www.ntbugtraq.com/wormcatcher.asp
Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
"My thoughts are facts in my world, opinion to you. YMMV"
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by TruSecure
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
FREE 14-DAY TRIAL of New Threat & Vulnerability Notification Service
TruSecure's new IntelliShield(tm) web-based threat and vulnerability
service isn't your typical alert service. Supported by TruSecure's vast
intelligence resources - including the ICSA Labs - IntelliShield's early
warning, analysis, decision support, and threat management tools provide
organizations with unmatched intelligence to better protect critical
information assets. Experience it for yourself - just click below to begin
your FREE, NO OBLIGATION 14-day trial today!
http://www.trusecure.com/offer/s0074/
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
- Previous message: Russ: "Alert: New Worm - W32/Deloder on TCP445"
- Next in thread: Randy Hinders: "Re: Alert: New Code Red F worming its way through the 'net"
- Maybe reply: Randy Hinders: "Re: Alert: New Code Red F worming its way through the 'net"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
