-----Original Message----- From: Russ [mailto:Russ.Cooperat_private] Sent: Tuesday, March 11, 2003 1:28 PM To: NTBUGTRAQat_private Subject: Alert: New Code Red F worming its way through the 'net FYI, at 10:15am EST this morning WormCatcher detected a new variant of Code Red, called Code.Red.F, worming its way through hosts from Finland, the U.S., and Australia. Since then it has continued, slowly, infecting more hosts around the globe. The infection method is the same as the original Code Red, so the protections are the same; - Remove IIS from the box completely - Remove Script Mappings, particularly .IDA mappings - Patch (MS01-033) Too bad ISPs don't block access to attacking IIS boxes the way they did with Slammer. This version appears to eliminate or change the drop-dead date that previous versions of Code Red had. If you're interested in WormCatcher, check out; http://www.ntbugtraq.com/wormcatcher.asp Cheers, Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor "My thoughts are facts in my world, opinion to you. YMMV" oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo Delivery co-sponsored by TruSecure oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo FREE 14-DAY TRIAL of New Threat & Vulnerability Notification Service TruSecure's new IntelliShield(tm) web-based threat and vulnerability service isn't your typical alert service. Supported by TruSecure's vast intelligence resources - including the ICSA Labs - IntelliShield's early warning, analysis, decision support, and threat management tools provide organizations with unmatched intelligence to better protect critical information assets. Experience it for yourself - just click below to begin your FREE, NO OBLIGATION 14-day trial today! http://www.trusecure.com/offer/s0074/ oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo ********************************************************************** This message is a PRIVILEGED AND CONFIDENTIAL communication, and is intended only for the individual(s) named herein or others specifically authorized to receive the communication. If you are not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender of the error immediately, do not read or use the communication in any manner, destroy all copies, and delete it from your system if the communication was sent via email. ********************************************************************** ---------------------------------------------------------------------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
This archive was generated by hypermail 2b30 : Tue Mar 11 2003 - 12:54:17 PST