[unisog] Ida /code red worm veriation

Paul L Schmehl pauls at utdallas.edu
Fri Jul 20 18:02:16 GMT 2001

Were your servers IIS 4.0?  There's been reports that the worm may do what 
you describe on 4.0 instead of working properly.

--On Friday, July 20, 2001 10:57 AM -0400 "Jay D. Flanagan" 
<jflanag at emory.edu> wrote:

> As others have, several of our IIS servers have been hit with what we
> think is a variation of the ida /code red worm.
> Some of the characteristics we are seeing are our web servers stopping
> and starting multiple times and no physical traces were found.
> Some differences between the attack on our web servers and the code red
> worm  include that our web servers were brought down and the default web
> page was not defaced.
> Has anyone seem similar situations with their web servers and if so, what
> actions did you take to correct the problem? We have installed the
> Microsoft patch, but it seems to not have stopped any of our problems.
> Thanks in advance for any help you can give us!
> Jay
> ____________________
> Jay D. Flanagan
> Security Administrator
> Emory University
> Email: jflanag at emory.edu
> Phone: 404-727-4962
> Fax: 404-727-0817

Paul L. Schmehl, pauls at utdallas.edu
Supervisor, Support Services
The University of Texas at Dallas
AVIEN Founding Member

More information about the unisog mailing list