Jump to content



Recommended Posts

Information on "Code Red" IIS worm virus<P>Please be aware that the impacts of this worm will not only effect our web<BR>servers if not protected, but the performance of the Internet. "There is reason<BR>for concern that the mass traffic associated with this worm's propagation could<BR>degrade the functioning of the Internet," according to Ronald Dick, director of<BR>the National Infrastructure Protection Center.<P>We have taken every precaution internally with servers that we have control<BR>over. There are, however department web servers which could become infected and<BR>propagate the worm to other servers.<P>The worm remains active between the first of the month and the 28th, when it<BR>goes into hibernation. While the worm does not reactivate itself automatically,<BR>any computer vandal sending a copy of the worm once the active period begins-in<BR>this case at 12:01 a.m. GMT Aug. 1, or 5 p.m. PDT Tuesday would start a new<BR>round of infections. On the 19th of the month, the worm is set to switch to<BR>attack mode and barrage the whitehouse.gov Internet domain with large packets of<BR>data.<P>A malicious piece of code, operating as a computer worm, is exploiting unpatched<BR>IIS Web servers on the Internet. This worm, dubbed "Code Red", exploits a<BR>security vulnerability in the Windows NT4 and Windows 2000 Index Services, and<BR>may result in one of several outcomes, including web site defacement and<BR>installation of Denial of Service tools. A patch for this vulnerability was<BR>released on June 18th, 2001, and is discussed in Microsoft Security Bulletin<BR>MS01-033.<P><BR>Analysis of the Code Red worm shows that it will infect unpatched IIS servers -<BR>first defacing the web page, and then loading malicious code that could be used<BR>in launching Distributed Denial of Service (DDOS) attacks. The defaced web page<BR>may contain the words "Hacked by Chinese!" and a link to <A HREF="http://www.worm.com," TARGET=_blank>http://www.worm.com,</A> <BR>while the DDOS code appears to prepare the system to launch an attack against <A HREF="http://www.whitehouse.gov." TARGET=_blank>www.whitehouse.gov.</A> Upon compromising the system, the worm attempts to propagate<BR>itself to other unpatched IIS systems on the Internet.<P>The patch provided Microsoft Security Bulletin MS01-033 eliminates the<BR>vulnerability exploited by the worm, and systems that have applied the patch are<BR>not vulnerable to this attack.<P><BR>Thank You,<BR>Client Services<BR> shocked.gif" border="0cool.gif" border="0

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...

Important Information

Lees alvorens je verder gaat onze Terms of Use en Privacy Policy. We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.