One question ... Mightn't this lead to a false sense of security? With the CRv1 or CRv2 I can see this as being appropriate, but with CRII creating backdoors and then broadcasting the vulnerability, the incidence of compromises beyond the initial worm infestation is incredibly high.

By automating a 'fix', and not rebuilding the box, there is no guarantee that the box is safe to be re-connected to the network; only that the worm is gone and that it can't be re-infected.

If such a tool is built (which isn't all bad), it needs to be shipped with a big 'ole warning to that effect.

--lcp

At 07:11 PM 8/5/2001 -0600, you wrote:
>Anyone on the list that is a VBScript programmer that wants to write
>a disinfection tool for Code Red II?
>
>The scripts would need to:

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Aug 05 2001 - 19:26:50 PDT