Security 10967 Published by Philipp Esselbach 0

Code Red claimed two major victims this week, as Microsoft confirmed that some servers running its MSN Hotmail service were infected with a version of the worm and express-shipping giant Federal Express said the worm interfered with some deliveries Wednesday.

Microsoft spokesman Jim Desler said Thursday that some Hotmail servers were brought offline to deal with the problem and that service was not disrupted. About 110 million people have accounts with the free Web-based e-mail service, according to Microsoft.


Security 10967 Published by Philipp Esselbach 0

The security firm Vigilinx Inc. is alerting customers of a first-ever worm that replicates using an Adobe portable document format (PDF). The PeachyPDF@mm worm mass mails itself through Microsoft Outlook. Not only does it send itself to 100 addresses from an infected user's address book, it also sends itself to the user's alternative e-mail addresses.


Security 10967 Published by Philipp Esselbach 0

A meaner version of the Code Red Internet worm has made its first appearance in Asia, infesting dozens of computers in China, security experts said on Tuesday.

South Korea was trying to determine whether it was this pernicious worm which had attacked government computers, and Hong Kong also reported at least one confirmed infection.


Security 10967 Published by Philipp Esselbach 0

Clutch (thanks) forwarded the following news from IISAnswers to me:

I am posting a message about a new variant of the Code Red virus that has started circulating. This one is much worse and if you are infected, you probably ought to reformat.

This morning, AFAIK, a new Code Red variant was released.

Security 10967 Published by Philipp Esselbach 0

A new and possibly more virulent version of the Code Red computer worm was detected circulating the Internet over the weekend, attacking machines and leaving them vulnerable to other intruders, a leading Internet security site reported.

The Systems Administration, Networking and Security Institute (SANS) said in an advisory on its Web site that the latest variant of the computer virus seems to leave a back door in infected systems that makes them easy for an intruder to infiltrate.


Security 10967 Published by Philipp Esselbach 0

Like a summer cold that just won't go away, the SirCam e-mail worm lingers on, sending out the contents of infected hard drives for all the world to see.

Even as most companies have prevented their networks from spreading the bug, individual computer users continue to send out infected files day after day, with the worm piggybacking on documents ranging from confidential to comical: recipes, shopping lists and lots and lots of resumes. The result is that SirCam is still spreading two weeks after it first cropped up.


Security 10967 Published by Philipp Esselbach 0

The worm will scan the Internet from infected servers, searching for servers that do not have Microsoft's fix in place. As more systems become infected, the worm's propagation will increase, potentially resulting in an Internet slowdown. But there is hope that the second wave of the worm will not be as devastating as the first.

According to Microsoft, as of late Monday, more than 1 million patches had been downloaded. Experts hope that the estimated 6 million potential targets will be patched by Tuesday's deadline.


Security 10967 Published by Philipp Esselbach 0

Just received the following security bulletin from Microsoft:

The Microsoft Security Response Center, along with other organizations listed below, is jointly publishing this alert that ALL IIS ADMINISTRATORS ARE ASKED TO READ

A Very Real and Present Threat to the Internet:
July 31 Deadline For Action

Summary:

The Code Red Worm and mutations of the worm pose a continued and serious threat to Internet users. Immediate action is required to combat this threat. Users who have deployed software that is vulnerable to the worm (Microsoft IIS Versions 4.0 and 5.0) must install, if they have not done so already, a vital security patch.

How Big Is The Problem?

On July 19, the Code Red worm infected more than 250,000 systems in just 9 hours. The worm scans the Internet, identifies vulnerable systems, and infects these systems by installing itself. Each newly installed worm joins all the others causing the rate of scanning to grow rapidly. This uncontrolled growth in scanning directly decreases the speed of the Internet and can cause sporadic but widespread outages among all types of systems. Code Red is likely to start spreading again on July 31st, 2001 8:00 PM EDT and has mutated so that it may be even more dangerous. This spread has the potential to disrupt business and personal use of the Internet for applications such as electronic commerce, email and entertainment.

Who Must Act?

Every organization or person who has Windows NT or Windows 2000 systems AND the IIS web server software may be vulnerable. IIS is installed automatically for many applications. If you are not certain, follow the instructions attached to determine whether you are running IIS 4.0 or 5.0. If you are using Windows 95, Windows 98, or Windows Me, there is no action that you need to take in response to this alert.

What To Do If You Are Vulnerable?

a. To rid your machine of the current worm, reboot your computer.
b. To protect your system from re-infection:
Install Microsoft's patch for the Code Red vulnerability problem:

Download for Windows NT 4.0
Download for Windows 2000 Professional, Server and Advanced Server