----- Original Message ----- From: "CERT Advisory" <cert-advisoryat_private> To: <cert-advisoryat_private> Sent: Sunday, July 29, 2001 3:23 PM Subject: Public Alert about the Code Red worm > -----BEGIN PGP SIGNED MESSAGE----- > > > > We the CERT/CC, along with other organizations listed below are > jointly publishing this alert about a serious threat to the Internet > > For Immediate Release: 3:00 PM EDT July 29, 2001 > > A Very Real and Present Threat to the Internet: July 31 Deadline For Action > > Summary: The Code Red Worm and mutations of the worm pose a continued > and serious threat to Internet users. Immediate action is required to > combat this threat. Users who have deployed software that is > vulnerable to the worm (Microsoft IIS Versions 4.0 and 5.0) must > install, if they have not done so already, a vital security patch. > > How Big Is The Problem? > > On July 19, the Code Red worm infected more than 250,000 systems in > just 9 hours. The worm scans the Internet, identifies vulnerable > systems, and infects these systems by installing itself. Each newly > installed worm joins all the others causing the rate of scanning to > grow rapidly. This uncontrolled growth in scanning directly decreases > the speed of the Internet and can cause sporadic but widespread > outages among all types of systems. Code Red is likely to start > spreading again on July 31st, 2001 8:00 PM EDT and has mutated so that > it may be even more dangerous. This spread has the potential to > disrupt business and personal use of the Internet for applications > such as electronic commerce, email and entertainment. > > Who Must Act? > > Every organization or person who has Windows NT or Windows 2000 > systems AND the IIS web server software may be vulnerable. IIS is > installed automatically for many applications. If you are not certain, > follow the instructions attached to determine whether you are running > IIS 4.0 or 5.0. If you are using Windows 95, Windows 98, or Windows > Me, there is no action that you need to take in response to this > alert. > > What To Do If You Are Vulnerable? > > a. To rid your machine of the current worm, reboot your computer. > b. To protect your system from re-infection: Install Microsoft?s patch for the Code Red vulnerability problem: > * Windows NT version 4.0: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30833 > * Windows 2000 Professional, Server and Advanced Server: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30800 > > Step-by-step instructions for these actions are posted at > www.digitalisland.com/codered > > Microsoft's description of the patch and its installation, and the > vulnerability it addresses is posted at: > > http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/ bulletin/MS01-033.asp > > Because of the importance of this threat, this alert is being made > jointly by: > > Microsoft > The National Infrastructure Protection Center > Federal Computer Incident Response Center (FedCIRC) > Information Technology Association of America (ITAA) > CERT Coordination Center > SANS Institute > Internet Security Systems > Internet Security Alliance > > -----BEGIN PGP SIGNATURE----- > Version: PGP 6.5.8 > > iQCVAwUBO2RpCgYcfu8gsZJZAQGFrAP/TzyQ7lyshdKb7XeNNaVTFAZzO1hB1vKG > CZsaPxzqF2/GMgAQJ8HNum43QBSzr+H96f/5c7Op9ac1SefzuyWs14z+BhBXr6mf > Io9vClcL3h9saqV/J1Bkv0psYhhImTgLvAWZIYneYMuvY39zjxLC2/jkKLw8dWze > lcdFPH5j9vE= > =3biQ > -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Sun Jul 29 2001 - 22:51:10 PDT