| This warning is from a Message of the Day from my ISP, presumably the copy of the original warning. The attachment contains a detailed analysis of the worm as well.
What about WinME?
According to what I read Win9x/ME would not be affected. As far as I remember, this one only affects the Microsoft Internet Information Server (web server), particularly IIS 5 (this version comes with Win2k, both Professional and Server edition). This is _not_ an email worm (it does not spread via email). What it does do:
- searches a range of IP addresses for websites running IIS web on server.
- if it finds one, tries to break into the server using one of the known vulnerablities of IIS.
- If it succeeds, it does 3 things:
- searches for other machines to attack (see step 1)
- if your language / locale setting on the machine is english/US, then it will replace the site on the machine with a message that says "Hacked by the Chinese" or something like that
- it will engage in denial of service attacks against the White House website
You are only vulnerable to this one if:
- you have Microsoft Internet Information Server installed on your NT or Win2k box and
- IIS is actually running and
- The machine is accessible from the internet (ie: there is no firewall etc blocking incoming connections to port 80)
Would Norton catch it?
<wild guess>I suppose the latest Norton definitions might pick it up, but for that you'd have to regularly scan your machine and I don't think most proper, dedicated webservers would have antivirus installed anyway (slows the server down)</wild guess> |
