[unisog] Ida /code red worm veriation
Paul L Schmehl
pauls at utdallas.edu
Fri Jul 20 18:02:16 GMT 2001
Were your servers IIS 4.0? There's been reports that the worm may do what
you describe on 4.0 instead of working properly.
--On Friday, July 20, 2001 10:57 AM -0400 "Jay D. Flanagan"
<jflanag at emory.edu> wrote:
> As others have, several of our IIS servers have been hit with what we
> think is a variation of the ida /code red worm.
> Some of the characteristics we are seeing are our web servers stopping
> and starting multiple times and no physical traces were found.
> Some differences between the attack on our web servers and the code red
> worm include that our web servers were brought down and the default web
> page was not defaced.
> Has anyone seem similar situations with their web servers and if so, what
> actions did you take to correct the problem? We have installed the
> Microsoft patch, but it seems to not have stopped any of our problems.
> Thanks in advance for any help you can give us!
> Jay D. Flanagan
> Security Administrator
> Emory University
> Email: jflanag at emory.edu
> Phone: 404-727-4962
> Fax: 404-727-0817
Paul L. Schmehl, pauls at utdallas.edu
Supervisor, Support Services
The University of Texas at Dallas
AVIEN Founding Member
More information about the unisog