We were attacked the same way early this morning. We still have one server
that seems to be affected but it has always had a Dr Watson come up for
inetinfo.exe We have SiteServer 2.0 running so we think it could be related
to that. Only one of our servers would constantly stop running web
services. It would run fine ftp services but as soon as we would start Web
services it would all stop. I though it was a registry issue since I have
had problems years back with the last website entered had a back registry
setting so I deleted a couple and thought I should do a check for any
updates and there was the fix form Microsoft.
Steve Polyak
MFM Communications
Calgary, Canada
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of mailsupport
Sent: July 19, 2001 9:20 PM
To: [EMAIL PROTECTED]
Subject: RE: [IMail Forum] IIS 5 - Chinese Worm
Yes, We've had the same exact problem on our IIS 4.0 machines. Service pack
did work.
Chris Turner
[EMAIL PROTECTED]
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of IMail Admin at
BC Web
Sent: Thursday, July 19, 2001 7:55 PM
To: [EMAIL PROTECTED]
Subject: Re: [IMail Forum] IIS 5 - Chinese Worm
We were apparently hit by this, but it didn't work exactly as described.
I'm not sure if we got hit by something else at the same time (coincidence)
or if the worm was unable to fully infect us, so it just go part way.
In our case, the worm causes all our web services to stop. That is, the
www, ftp, smtp, and similar services were stopped. If we restarted them,
they would be stopped again within a few seconds. We applied the
recommended MS patch (01-033), and that seems to have stopped the attack.
Did anyone else see symptons like ours? Also, the patches block the attach,
but I'm wondering how to actually remove any infecting files from our
systems.
Ben Bednarz
BC Web
----- Original Message -----
From: "David Setzer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, July 19, 2001 2:56 PM
Subject: [IMail Forum] IIS 5 - Chinese Worm
> Slightly off topic but I know alot of us are running IIS 5. This hit 5 of
> our servers this am. Uses the same seed to generate random IPs for
> additional targets so early infected machines get hit with each new
> infectee. Patch seems to have worked. M$ support lines busy, hard to get
> through.
>
> http://www.eeye.com/html/Research/Advisories/AL20010717.html
>
http://support.microsoft.com/support/kb/articles/q300/9/72.asp?id=300972&SD=
> MSKB
>
> David
>
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
> An Archive of this list is available at:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
