Joined: Feb 2001
Posts: 817
Moderator / Kingpin
The following is a Public Alert from CERT/CC:

Summary: The Code Red Worm and mutations of the worm pose a continued and serious threat to Internet users. Immediate action is required to combat this threat. Users who have deployed software that is vulnerable to the worm (Microsoft IIS Versions 4.0 and 5.0) must install, if they have not done so already, a vital security patch.

How Big Is The Problem?

On July 19, the Code Red worm infected more than 250,000 systems in just 9 hours. The worm scans the Internet, identifies vulnerable systems, and infects these systems by installing itself. Each newly installed worm joins all the others causing the rate of scanning to grow rapidly. This uncontrolled growth in scanning directly decreases the speed of the Internet and can cause sporadic but widespread outages among all types of systems. Code Red is likely to start spreading again on July 31st, 2001 8:00 PM EDT and has mutated so that it may be even more dangerous. This spread has the potential to disrupt business and personal use of the Internet for applications such as electronic commerce, email and entertainment.

Who Must Act?

Every organization or person who has Windows NT or Windows 2000 systems AND the IIS web server software may be vulnerable. IIS is installed automatically for many applications. If you are not certain, follow the instructions attached to determine whether you are running IIS 4.0 or 5.0. If you are using Windows 95, Windows 98, or Windows Me, there is no action that you need to take in response to this alert.

What To Do If You Are Vulnerable?

a. To rid your machine of the current worm, reboot your computer.
b. To protect your system from re-infection: Install Microsoft's patch for the Code Red vulnerability problem:
* Windows NT version 4.0: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30833
* Windows 2000 Professional, Server and Advanced Server: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30800

Step-by-step instructions for these actions are posted at http://www.digitalisland.com/codered

Microsoft's description of the patch and its installation, and the vulnerability it addresses is posted at:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-033.asp

Because of the importance of this threat, this alert is being made jointly by:

Microsoft
The National Infrastructure Protection Center
Federal Computer Incident Response Center (FedCIRC)
Information Technology Association of America (ITAA)
CERT Coordination Center
SANS Institute
Internet Security Systems
Internet Security Alliance


(I wasn't sure what forum this should be posted in. I think it justifies being moved or copied to Announcements.)

Joined: May 2001
Posts: 2,798
Member
Thanks for the info! Saves my @$$, hopefully.

Joined: May 2001
Posts: 6,708
Member
No wonder my Server went down because It was on a Windows 2000 server could that be the reason..hmm...

Joined: May 2001
Posts: 81
Member

Joined: Sep 2000
Posts: 1,304
Addict
UBBDev is also on an NT based server...wonder if it'll affect us.

Joined: Aug 2000
Posts: 13
Junior Member
quote:
If you had it, you'd know it. Your sites stop about every 5 minutes when infected. The patch at Microsoft takes a few minutes to load and seems to do the trick.

Joined: Feb 2001
Posts: 817
Moderator / Kingpin
quote:
That's only partially true. It acts like that only between the 1st and 20th of each month since it is actively probing for other sites to infect. The 21st through the balance of the month it is performing a DoS attack on IP that used to belong to whitehouse.gov and otherwise most servers perform pretty normal during this.

Don't get lured into a false sense of security. If you run Windows check your server and install the patches.

Joined: May 2001
Posts: 6,708
Member
quote:
I didn't own it, my server guy ran it off his computer. I just found my board down the next day. I thought that the comp the server ran off was turned off but then in my FTP message we had to download everything because it would be cleared for some reason. I'm not sure if it's the virus we're talkin 'bout here.

Joined: May 2001
Posts: 15
Junior Member
gah! i forgot to check if i have anti virus on the web server at work. aint put the patch on either.

Oh well **** happens eh?

Joined: May 2001
Posts: 1,042
Likes: 7
Moderator
So is there anything that home users need to download or is this just a webserver problem?

Joined: Mar 2000
Posts: 21,079
Likes: 3
I type Like navaho
quote:
Patched a good while ago smile

Is this one different from the one in announcements? https://www.ubbdev.com/ubbcgi/ultimatebb.cgi?ubb=get_topic&f=1&t=000104&p=2


- Allen wavey
- What Drives You?
Joined: Feb 2001
Posts: 817
Moderator / Kingpin
quote:
Yes, very different. This is about the Code Red Worm. It spreads from Windows web server to windows web server through a hole in the OS.

SirCam, which is the one discussed in announcements, is a worm that spreads through e-mail and requires the user to download and THEN execute the attachment for the worm to become wild on their computer.

The Code Red is so dangerous since it actively seeks out non-patched servers the 1st through the 20th of each month and infects those machines without any user intervention. So, if you don't have the patch installed your server will most likely get infected.

On the 19th of July, even some of the servers for windowsupdate.microsoft.com were infected with Code Red and were displaying the "Cracked By China" page for several hours until Microsoft noticed the problem, rebooted, and patched them. :rolleyes:

[ July 31, 2001: Message edited by: Steve_M ]
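
An added example, not part of the thread or of any poster's message: one way to check whether a patched IIS server is being probed by the worm described above, by scanning a W3C extended log. The signature used here (a request to `/default.ida` with a long run of one filler character in the query string) comes from public advisories on Code Red rather than from this thread; the log lines, addresses and the 64-character threshold are constructed assumptions.

```python
import re

# Constructed IIS W3C extended log sample; addresses are documentation ranges.
FILL = "N" * 224  # stand-in for the long filler run; no payload bytes included
SAMPLE_LOG = f"""\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-08-01 00:04:11 192.0.2.10 GET /default.ida {FILL} 200
2001-08-01 00:04:15 198.51.100.7 GET /index.html - 200
2001-08-01 00:09:52 192.0.2.10 GET /default.ida {FILL} 200
2001-08-01 00:11:03 203.0.113.5 GET /default.ida {FILL} 404
2001-08-01 00:12:40 198.51.100.7 GET /search.ida query=patch 200
"""

# 64 or more repeats of a single character in the query string (assumed threshold).
FILLER_RUN = re.compile(r"(.)\1{63,}")

def parse_w3c(text):
    """Yield one dict per log line, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def is_probe(entry):
    """True for a request to an .ida resource whose query contains a filler run."""
    stem = entry.get("cs-uri-stem", "").lower()
    query = entry.get("cs-uri-query", "")
    return stem.endswith(".ida") and bool(FILLER_RUN.search(query))

def summarize(text):
    """Map each probing source address to its probe count and first/last timestamp."""
    report = {}
    for entry in parse_w3c(text):
        if not is_probe(entry):
            continue
        stamp = f"{entry['date']} {entry['time']}"
        row = report.setdefault(entry["c-ip"], {"probes": 0, "first": stamp, "last": stamp})
        row["probes"] += 1
        row["last"] = stamp
    return report

if __name__ == "__main__":
    for ip, row in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, row)
```

The ordinary `.ida` query from 198.51.100.7 is not counted, because the match requires the filler run as well as the file extension.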

Joined: Feb 1999
Posts: 1,379
cal Offline
Programmer
quote:
not entirely true wink

the indexing service is optional and any careful sysadmin will turn off all server extensions like that (including the one that lets you look at the source of ANY server side script).

Just a thought smile

Joined: Jul 2001
Posts: 1,111
Member
quote:

i told u before, it was cut off cause he was running the server thru a ROAD RUNNER cable :) they told him if he didn't stop they would take it away

Joined: May 2001
Posts: 6,708
Member
Yeah I saw a report on this worm in the news. It sounds pretty bad, I hope they find out where it's coming from.

Joined: May 2001
Posts: 81
Member
You guys should have read that link I put up..
This is just another media scare story.

I mean seriously, any half decent web server admin would have done this stuff weeks ago..if you're an admin and you had to rely on the morning newspaper..you're already screwed in the long run, may as well change your job.

Well whaddya know..its been August the 1st for almost 12 hours now in the UK, and its almost 6am in the US (EST)...

ONO!!!!!!
MY COMUTAR SCREEN SI MLETING!!!!!!111

Steve Gibson looks like a fool again I guess.

Joined: Mar 2000
Posts: 21,079
Likes: 3
I type Like navaho
how did everyone do? it seems the worst might be over...


- Allen wavey
- What Drives You?
Joined: Feb 2001
Posts: 817
Moderator / Kingpin
Several Fortune 500 corporations and government sites were caught with their pants down but for the most part most system admins heard about it and properly patched their servers. The truth is anyone (working at the corporate level) who didn't patch their equipment for this deserves to have been caught and given an exit package. wink

Hour-by-hour infection data (from SANS Internet Storm Center - the Internet's early warning system) is posted at http://www.digitalisland.net/codered/

[ August 01, 2001: Message edited by: Steve_M ]

Joined: May 2001
Posts: 6,708
Member
quote:
Yeah Hopefully that the worst is over and they can get rid of this stupid worm. laugh

Joined: Jun 2001
Posts: 45
Member
The internet's running pretty slow for me frown

