We were apparently hit by this, but it didn't work exactly as described.
I'm not sure if we got hit by something else at the same time (coincidence)
or if the worm was unable to fully infect us, so it just go part way.
In our case, the worm causes all our web services to stop. That is, the
www, ftp, smtp, and similar services were stopped. If we restarted them,
they would be stopped again within a few seconds. We applied the
recommended MS patch (01-033), and that seems to have stopped the attack.
Did anyone else see symptons like ours? Also, the patches block the attach,
but I'm wondering how to actually remove any infecting files from our
systems.
Ben Bednarz
BC Web
----- Original Message -----
From: "David Setzer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, July 19, 2001 2:56 PM
Subject: [IMail Forum] IIS 5 - Chinese Worm
> Slightly off topic but I know alot of us are running IIS 5. This hit 5 of
> our servers this am. Uses the same seed to generate random IPs for
> additional targets so early infected machines get hit with each new
> infectee. Patch seems to have worked. M$ support lines busy, hard to get
> through.
>
> http://www.eeye.com/html/Research/Advisories/AL20010717.html
>
http://support.microsoft.com/support/kb/articles/q300/9/72.asp?id=300972&SD=
> MSKB
>
> David
>
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
> An Archive of this list is available at:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
