Maybe this is of some help - it can detect CR instead of only detecting if
the server's vulnerable.
http://www.antivirus.com/vinfo/security/detect_codered.exe
Good luck -- Marnix
----- Original Message -----
From: "Balunos, Don" <[EMAIL PROTECTED]>
To: "Red Wolf" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, September 11, 2001 3:55 PM
Subject: RE: Default.ida requests
> > http://www.eeye.com/html/Research/Tools/codered.html
>
> it will only tell us if it's the server is vulnerable, though
> it's a good utility tools. but what if the box is already infected by such
> worm is there a way to trace it out from the root where it was started.
> thanks in advance.
>
> Don
> -----Original Message-----
> From: Red Wolf [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 11, 2001 8:38 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Default.ida requests
>
>
> >where can i source out some utility tools
> >for us to check in box remotely
>
> CodeRed Scanner from eEye Digital Security
>
>
> CodeRed Scanner is a tool created by eEye that is able to scan up to
> 254 IP addresses at once and determine if any are vulnerable to the .ida
> "Code Red" attack. If an IP address is found to be vulnerable to the
> .ida vulnerability (which the "Code Red" worm exploits to infect systems),
> then CodeRed Scanner will flag the IP address. Administrators can then
> double-click on the IP address to be taken to a website with information
> on how to fix the vulnerability. Patching the vulnerability effectively
> removes the infection (the worm) and prevents further occurances of
> infection.
>
> ___________________________________________________________________
> To get your own FREE ZDNet Onebox - FREE voicemail, email, and fax,
> all in one place - sign up today at http://www.zdnetonebox.com
>
