Re: [FWDLK] Virus possible?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FWDLK] Virus possible?



This virus (really a buffer exploit) does not get transmitted via email.  Most virus checkers won't even pick this up, as it really isn't a virus per se, but a security hole in Internet Information Server 4.0 and 5.0 (IIS) on Windows 2000 or NT4 -Server- only.  If you're not running a web server on your Windows machine, you're not really at risk.
 
Techy Stuff:
 
Your environment is at HIGH RISK if:
 
1) You have Microsoft IIS server installed with Windows 2000.
 
2) You have NOT updated this server with the latest patch from Microsoft.
 
The exploit, a buffer overflow, is used to spread this worm (Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise).
 
THIS VIRUS EXISTS IN MEMORY ONLY (however, the .C variant does write a trojan program to the hard disk).
 
It spreads through TCP/IP transmissions on port 80 (web sites). By making use of this exploit, the worm is able to send itself as a TCP/IP stream directly to the its victims, which in turn scans the web for other systems to infect.
 
-Dave
 
-----Original Message-----
From: Mike & Sharon Higgins [mailto:[email protected]]
Sent: Thursday, August 09, 2001 11:09 AM
To: [email protected]
Subject: [FWDLK] Virus possible?

Just FYI
I scanned for viruses this morning and found two infected files.  They were infected with the new CODE RED virus.  My Norton quarantined and eliminated them, but I ask that you check your machine to be sure I've not sent anything inadvertently



Home Back to the Home of the Forward Look Network


Copyright © The Forward Look Network. All rights reserved.

Opinions expressed in posts reflect the views of their respective authors.
This site contains affiliate links for which we may be compensated.