[unisog] ida worm
flynngn at jmu.edu
Thu Jul 19 20:08:44 GMT 2001
Russ Harvey wrote:
> Anyone else getting barraged?
Since early last weekend. :(
Just a heads up...the public exploit was republished again today
so other shenanigans may start up too.
Also, two caveats:
1) One of our departmental IIS systems' web service was shutting
down every couple minutes. Since installing the patch it has
run fine. Not sure if it was a side effect of being infected,
a botched compromise attempt, or what at this point. Just
thought ya'll want to know if one of your servers goes bonkers.
2) Trying to be proactive, I scanned the entire campus several days
ago with ISS Internet Scanner using the test to check for the
ISAPI idq.dll bug (MS01-033) which the worm exploits. The scanner
told me everything was fine. Since then I've patched two systems :(
Its the test that came out with the 4.10 update and its under
NT Patches and called IssIsapiIdqBo. I only mention this because I
know some other edu sites depend upon this scanner. Anyone else had
Security Engineer - Technical Services
James Madison University
More information about the unisog