On Mon, 13 Aug 2001 16:27:35 -0400 Garreth Jeremiah/Markham/IBM <gjeremiaat_private> wrote: > I have been receiving a number of reports suggesting that on certain > devices, after full patching and cleaning - the /C and /D keep coming back > after a reboot. > > Anyone explain what is happening? Is this an IIS thing or a Windows thing? We had one machine infected by the original Code Red in July. It was patched and rebooted and was fine (despite being exposed to lots of probes) until CR II arrived when it was again compromised. This was a mild disaster since CR II then spread on our internal network behind the firewall. [ yes we had scanned and shutdown/patched *most* of the vulnerable systems regardless of whether they were protected by the firewall or not -- with 1000s of machines that come and go you never get them all :( ] I too would be very interested to know how this happened and if there are any extra precautions one can take. Russell Fulton, Computer and Network Security Officer The University of Auckland, New Zealand ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Aug 13 2001 - 15:31:49 PDT