[unisog] ida worm

Gary Flynn flynngn at jmu.edu
Thu Jul 19 20:08:44 GMT 2001

Russ Harvey wrote:
> Anyone else getting barraged?

Since early last weekend. :(

Just a heads up...the public exploit was republished again today
so other shenanigans may start up too.

Also, two caveats:

1) One of our departmental IIS systems' web service was shutting
   down every couple minutes. Since installing the patch it has
   run fine. Not sure if it was a side effect of being infected,
   a botched compromise attempt, or what at this point. Just
   thought y'all want to know if one of your servers goes bonkers.

2) Trying to be proactive, I scanned the entire campus several days
   ago with ISS Internet Scanner using the test to check for the 
   ISAPI idq.dll bug (MS01-033) which the worm exploits. The scanner 
   told me everything was fine. Since then I've patched two systems :(

   It's the test that came out with the 4.10 update and it's under
   NT Patches and called IssIsapiIdqBo. I only mention this because I 
   know some other edu sites depend upon this scanner. Anyone else had 
   similar results?

Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
