FW: Alert: New Code Red F worming its way through the 'net Mar 11 2003 07:41PM
Robinson, Sonja (SRobinson HIPUSA com)

-----Original Message-----
From: Russ [mailto:Russ.Cooper (at) RC.ON (dot) CA [email concealed]]
Sent: Tuesday, March 11, 2003 1:28 PM
To: NTBUGTRAQ (at) LISTSERV.NTBUGTRAQ (dot) COM [email concealed]
Subject: Alert: New Code Red F worming its way through the 'net

FYI, at 10:15am EST this morning WormCatcher detected a new variant of Code
Red, called Code.Red.F, worming its way through hosts from Finland, the
U.S., and Australia. Since then it has continued, slowly, infecting more
hosts around the globe.

The infection method is the same as the original Code Red, so the
protections are the same;

- Remove IIS from the box completely
- Remove Script Mappings, particularly .IDA mappings
- Patch (MS01-033)

Too bad ISPs don't block access to attacking IIS boxes the way they did with
Slammer. This version appears to eliminate or change the drop-dead date that
previous versions of Code Red had.

If you're interested in WormCatcher, check out;

Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor "My
thoughts are facts in my world, opinion to you. YMMV"

Delivery co-sponsored by TruSecure
FREE 14-DAY TRIAL of New Threat & Vulnerability Notification Service

TruSecure's new IntelliShield(tm) web-based threat and vulnerability service
isn't your typical alert service. Supported by TruSecure's vast intelligence
resources - including the ICSA Labs - IntelliShield's early warning,
analysis, decision support, and threat management tools provide
organizations with unmatched intelligence to better protect critical
information assets. Experience it for yourself - just click below to begin
your FREE, NO OBLIGATION 14-day trial today!


This message is a PRIVILEGED AND CONFIDENTIAL communication, and is intended only for the individual(s) named herein or others specifically authorized to receive the communication. If you are not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender of the error immediately, do not read or use the communication in any manner, destroy all copies, and delete it from your system if the communication was sent via email.



<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href=""> </A>

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus