
RE: [cobalt-users] worm attack



Would a symptom of this worm be lots of internet traffic simultaneously
going in and out of your client Windows PC despite not doing anything that
should cause such traffic? I noticed the Trivial FTP executable (tftp.exe)
going mad on my windoze 2000BC laptop. I couldn't kill the processes, so I
had to lock it with my personal firewall.

If there is a simple explanation to the above I would be glad to know so I
can stop worrying about being mysteriously infected.

Thanks...

Larkin Cunningham

> -----Original Message-----
> From: cobalt-users-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Lumir G Janku
> Sent: 18 September 2001 21:00
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: [cobalt-users] worm attack
>
>
> This does not affect other servers than windoze directly, but keeps them
> buzzzzy (expect timeouts as your firewalls are fending the attacks).
> Just wait when XP final will be released, then it will get only worse!
>
> "
> This new worm, considered VERY volatile, propagates 3 ways - via known IIS
> exploits as well as through Outlook mass-emailing, AND it can be transmitted
> from a web server to a browser viewing any of its pages.
>
> "Web servers compromised by this worm apparently attach a "readme.eml" to all
> web pages served... and due to a bug in IE5, it will automatically execute
> the file!"
> http://slashdot.org/article.pl?sid=01/09/18/151203&mode=flat
>
> Once the virus is set up on a client machine, it opens up shared access to
> C:\.  It is speculated that this virus is setting up zombie systems to
> prepare for a massive denial-of-service attack on the United States' finance
> and communications infrastructures.
> http://www.nipc.gov/warnings/advisories/2001/01-021.htm
>
> Details are still sketchy as to what else this virus can do, but it is
> imperative that servers be patched and repaired right away.
>
>
> What to do:
>
> Make sure your networks' clients are running patched versions of IE 5 or
> higher.  
>
> Get the patch here:
> http://www.microsoft.com/windows/ie/downloads/critical/q290108/default.asp
>
> Or update to IE55 Service Pack 2:
> http://www.microsoft.com/windows/ie/downloads/recommended/ie501sp2/default.asp
>
>
> Make sure your IIS servers are running all the correct patches.
>
> NT 4 Security Update:
> http://www.microsoft.com/ntserver/nts/downloads/critical/q301625/download.asp
>
> Windows 2000 Security Update:
> http://www.microsoft.com/Windows2000/downloads/critical/q301625/download.asp
> "
