[Dshield] Code Red Reinfection After Patch Installed

Chew, Freeland (Roanoke) FChew at ecpi.edu
Sat Jul 21 18:04:05 GMT 2001


Hi 

  I am Freeland Chew, MIS head at ECPI Technical College in Roanoke,
Virginia. 

  I run a Windows 2000 Exchange server that was compromised by Code Red
early on the 20th; I assumed because I neglected to reinstall the patch
after I had installed Service Pack 2.

  After the compromise was discovered I took the machine off the network,
rebooted it and reinstalled all patches including the buffer overflow that
Code Red uses.

  At least 8 hours later, my log files tell me that the machine has been
reinfected. 

  I have double checked and I am sure I installed the correct patch both
times.  I am a contributor to www.dshield.org so I pay attention to
these things and I am quite convinced this reinfection is not an IO (Idiot
Operator) error.

  Has anyone else reported anything that suggests the patch might not be
fully effective? 

  Freeland Chew 







