Full analysis of the .ida "Code Red" worm - solve the problem

From: Frank Steinert (Frank.Steinertat_private)
Date: Fri Jul 20 2001 - 05:47:09 PDT

Next message: Bugtraq Account: "Origin of Code Red worm?"

Previous message: Berislav Kucan: "Coverage on Code Red worm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To protect your IIS against it you can do this:

Remove the ".ida" entries in ISAPI-assignments of each site. There for you
can use the management console -> basic directory -> (application settings)
-> configuration.

A simple other way is to remove idq.dll from your system32 directory, if you
don't use the index server.


Since we've done this, our servers are immune.


* 
* Frank Steinert
* mailto:Frank.Steinertat_private
* http://www.protime.de
*
* proTime GmbH
* Josef-von-Fraunhofer-Str. 9
* D-83209 Prien
* Tel: 08051-6916-25
* Fax: 08051-6916-11
*

Next message: Bugtraq Account: "Origin of Code Red worm?"
Previous message: Berislav Kucan: "Coverage on Code Red worm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jul 20 2001 - 14:47:47 PDT