Re: Code Red Worm attacks IIS

[Ben Johansen]

Thank you! Paul,   I was able to apply this patch on my servers just in time.   This is a wake-up call for internet security.   here is another article from TECHtv http://www.techtv.com/news/hackingandsecurity/story/0,24195,3338042,00.html   If you are running IIS Web server, you need to apply the patch.   Ben Johansen www.pcforge.com       ----- Original Message ----- From: Paul To: [EMAIL PROTECTED] Sent: Thursday, July 19, 2001 1:39 PM Subject: Code Red Worm attacks IIS Just a Heads up. There is a new worm on the loose that will deface sites served by IIS with the phrase:   "HELLO! Welcome to http://www.worm.com! Hacked By Chinese!"    This affected one of our clients, and the quick fix was to patch the server.   At this point it is unclear how the worm changes IIS. It did not actually change the documents themselves, but rather caused IIS to serve the same message for any document requested.   After patching and restarting the server, the defacements disappeared.   I do not yet know how to eradicate the worm from the machine.   I found some helpful info here: http://www.eeye.com/html/Research/Advisories/AL20010717.html   and a news bite here: http://cnet.com/news/0-1003-200-6616583.html?tag=nbs   And the IIS patches are here: http://windowsupdate.microsoft.com/   Paul