[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-users] worm attack
- Subject: [cobalt-users] worm attack
- From: Lumir G Janku <lgjanku@xxxxxxxxxxxx>
- Date: Tue Sep 18 17:56:45 2001
- Organization: W3matrix.com
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
This does not affect other servers than windoze directly, but keeps them
buzzzzy (expect timeouts as you firewals are fending the attacks).
Just wait when XP final will be released, then it will get only worse!
"
This new worm, considered VERY volatile, propagates 3 ways - via known IIS
exploits as well as through Outlook mass-emailing, AND it can be transmitted
from a web server to a browser viewing any of it's pages.
"Web servers compromised by this worm apparently attach a "readme.eml" to all
web pages served... and due to a bug in IE5, it will automatically execute
the file!"
http://slashdot.org/article.pl?sid=01/09/18/151203&mode=flat
Once the virus is set up on a client machine, it opens up shared access to
C:\. It is speculated that this virus is setting up zombie systems to
prepare for a massive denial-of-service attack on the United States' finance
and communications infrastuctures.
http://www.nipc.gov/warnings/advisories/2001/01-021.htm ;
Details are still sketchy as to what else this virus can do, but it is
imperative that servers be patched and repaired right away.
What to do:
Make sure your networks' clients are running patched versions of IE 5 or
higher.
Get the patch here:
http://www.microsoft.com/windows/ie/downloads/critical/q290108/default.asp
Or update to IE55 Service Pack 2:
http://www.microsoft.com/windows/ie/downloads/recommended/ie501sp2/default.asp
Make sure your IIS servers are running all the correct patches.
NT 4 Security Update:
http://www.microsoft.com/ntserver/nts/downloads/critical/q301625/download.asp
Windowss 2000 Security Update:
http://www.microsoft.com/Windows2000/downloads/critical/q301625/download.asp
"