The Daily Static
  The Daily Static
UF Archives
Register
UF Membership
Ad Free Site
Postcards
Community

Geekfinder
UFie Gear
Advertise on UF

Forum Rules
& FAQ


Username

Password


Create a New Account

 
 

Back to UserFriendly Strip Comments Index

Code Red worm by undefined2006-11-19 12:55:59
  Code Red Worm by TechnoBill2001-07-31 07:08:14
    Read this link by efti 2006-11-19 12:55:59
This warning is from a Message of the Day from my ISP, presumably the copy of the original warning. The attachment contains a detailed analysis of the worm as well.

What about WinME?

According to what I read Win9x/ME would not be affected. As far as I remember, this one only affects the Microsoft Internet Information Server (web server), particularly IIS 5 (this version comes with Win2k, both Professional and Server edition). This is _not_ an email worm (it does not spread via email). What it does do:

  1. searches a range of IP addresses for websites running IIS web on server.
  2. if it finds one, tries to break into the server using one of the known vulnerablities of IIS.
  3. If it succeeds, it does 3 things:
    • searches for other machines to attack (see step 1)
    • if your language / locale setting on the machine is english/US, then it will replace the site on the machine with a message that says "Hacked by the Chinese" or something like that
    • it will engage in denial of service attacks against the White House website
You are only vulnerable to this one if:
  1. you have Microsoft Internet Information Server installed on your NT or Win2k box and
  2. IIS is actually running and
  3. The machine is accessible from the internet (ie: there is no firewall etc blocking incoming connections to port 80)
Would Norton catch it?

<wild guess>I suppose the latest Norton definitions might pick it up, but for that you'd have to regularly scan your machine and I don't think most proper, dedicated webservers would have antivirus installed anyway (slows the server down)</wild guess>

[ Reply ]

 

[Todays Cartoon Discussion] [News Index]

Come get yer ARS (Account Registration System) Source Code here!
All images, characters, content and text are copyrighted and trademarks of J.D. Frazer except where other ownership applies. Don't do bad things, we have lawyers.
UserFriendly.Org and its operators are not liable for comments or content posted by its visitors, and will cheerfully assist the lawful authorities in hunting down script-kiddies, spammers and other net scum. And if you're really bad, we'll call your mom. (We're not kidding, we've done it before.)