Security 10918 Published by Philipp Esselbach 0

Clutch (thanks) forwarded the following news from IISAnswers to me:

I am posting a message about a new variant of the Code Red virus that has started circulating. This one is much worse and if you are infected, you probably ought to reformat.

This morning, AFAIK, a new Code Red variant was released.

Security 10918 Published by Philipp Esselbach 0

A new and possibly more virulent version of the Code Red computer worm was detected circulating the Internet over the weekend, attacking machines and leaving them vulnerable to other intruders, a leading Internet security site reported.

The Systems Administration, Networking and Security Institute (SANS) said in an advisory on its Web site that the latest variant of the computer virus seems to leave a back door in infected systems that makes them easy for an intruder to infiltrate.


Security 10918 Published by Philipp Esselbach 0

Like a summer cold that just won't go away, the SirCam e-mail worm lingers on, sending out the contents of infected hard drives for all the world to see.

Even as most companies have prevented their networks from spreading the bug, individual computer users continue to send out infected files day after day, with the worm piggybacking on documents ranging from confidential to comical: recipes, shopping lists and lots and lots of resumes. The result is that SirCam is still spreading two weeks after it first cropped up.


Security 10918 Published by Philipp Esselbach 0

The worm will scan the Internet from infected servers, searching for servers that do not have Microsoft's fix in place. As more systems become infected, the worm's propagation will increase, potentially resulting in the Internet slowdown. But there is hope that the second wave of the worm will not be as devastating as the first.

According to Microsoft, as of late Monday, more than 1 million patches had been downloaded. Experts hope that the estimated 6 million potential targets will be patched by Tuesday's deadline.


Security 10918 Published by Philipp Esselbach 0

Just received the following security bulletin from Microsoft:

The Microsoft Security Response Center, along with other organizations listed below, is jointly publishing this alert that ALL IIS ADMINISTRATORS ARE ASKED TO READ

A Very Real and Present Threat to the Internet:
July 31 Deadline For Action

Summary:

The Code Red Worm and mutations of the worm pose a continued and serious threat to Internet users. Immediate action is required to combat this threat. Users who have deployed software that is vulnerable to the worm (Microsoft IIS Versions 4.0 and 5.0) must install, if they have not done so already, a vital security patch.

How Big Is The Problem?

On July 19, the Code Red worm infected more than 250,000 systems in just 9 hours. The worm scans the Internet, identifies vulnerable systems, and infects these systems by installing itself. Each newly installed worm joins all the others causing the rate of scanning to grow rapidly. This uncontrolled growth in scanning directly decreases the speed of the Internet and can cause sporadic but widespread outages among all types of systems. Code Red is likely to start spreading again on July 31st, 2001 8:00 PM EDT and has mutated so that it may be even more dangerous. This spread has the potential to disrupt business and personal use of the Internet for applications such as electronic commerce, email and entertainment.

Who Must Act?

Every organization or person who has Windows NT or Windows 2000 systems AND the IIS web server software may be vulnerable. IIS is installed automatically for many applications. If you are not certain, follow the instructions attached to determine whether you are running IIS 4.0 or 5.0. If you are using Windows 95, Windows 98, or Windows Me, there is no action that you need to take in response to this alert.

What To Do If You Are Vulnerable?

a. To rid your machine of the current worm, reboot your computer.
b. To protect your system from re-infection:
Install Microsoft's patch for the Code Red vulnerability problem:

Download for Windows NT 4.0
Download for Windows 2000 Professional, Server and Advanced Server

Security 10918 Published by Philipp Esselbach 0

Windows Media Player provides support for audio and video streaming. Streaming media channels can be configured by using Windows Media Station (.NSC) files. An unchecked buffer exists in the functionality used to process Windows Media Station files. This unchecked buffer could potentially allow an attacker to run code of his choice on the machine of another user. The attacker could either send a specially malformed file to another user and entice her to run or preview it, or he could host such a file on a web site and cause it to launch automatically whenever a user visited the site. The code could take any action on the machine that the legitimate user himself could take.


Security 10918 Published by Philipp Esselbach 0

Several of the RPC servers associated with system services in Microsoft Exchange, SQL Server, Windows NT 4.0 and Windows 2000 do not adequately validate inputs, and in some cases will accept invalid inputs that prevent normal processing. The specific input values at issue here vary from RPC server to RPC server.

An attacker who sent such inputs to an affected RPC server could disrupt its service. The precise type of disruption would depend on the specific service, but could range in effect from minor (e.g., the service temporarily hanging) to major (e.g., the service failing in a way that would require the entire system to be restarted).


Security 10918 Published by Philipp Esselbach 0

The Windows 2000 Terminal Service and Windows NT 4.0 Terminal Server Edition contain a memory leak in one of the functions that processes incoming Remote Data Protocol data via port 3389. Each time an RDP packet containing a specific type of malformation is processed, the memory leak depletes overall server memory by a small amount.

If an attacker sent a sufficiently large quantity of such data to an affected machine, he could deplete the machine's memory to the point where response time would be slowed or the machine's ability to respond would be stopped altogether. All system services would be affected, including but not limited to terminal services. Normal operation could be restored by rebooting the machine.

A patch is available to fix this vulnerability. Please read the Security Bulletin for information on obtaining this patch.


Security 10918 Published by Philipp Esselbach 0

Thanks to Atreyu for this one:
A researcher in the Federal Bureau of Investigation's cyber-protection unit unleashed a fast-spreading Internet virus that e-mailed private FBI documents to outsiders--all on the eve of a Senate hearing into troubles at the unit.
