Oliver, This is a standard attack pattern from the worm. Check your system for either the ida.dll or the idq.dll. If you do not have either of these dll files then do not worry about it. Plus, you need to have Internet service running on your box. I have not seen anyone who has been infected by this worm using a Windows 9x or ME machines. I do not have these services running and I have recieved 306 attacks in 22 hours from the worm on my *nix firewall. Steve Gibson's theory is not as scary as it seems. *nix has been using raw sockets for years. The real issue here, is never place a windows machine directly on the Internet without maintaining it properly. I would place a good hardened firewall in front of any Microsoft machine before connecting to the Internet. Greg PS- What does not make sense in the article -----Original Message----- From: Petruzel, Oliver [mailto:OliverPat_private] Sent: Monday, August 06, 2001 8:01 AM To: VULN-DEVat_private Subject: CR II - winME? confirmation? ok, this makes no sense, and ive only see it one place: http://www.securitynewsportal.com/article.php?sid=1367 I'm just wondering if this is popping up anywhere else. If it is, then it cant be CR2 as we know it, and it opens up a can of worms that is scary. Similar even, to Steve Gibson's prediction that a consumer based OS with a big hole would do serious damage. but again, since IIS is CR, then this was either a big fat anaonymous lie, or something different. Anyone seen any discussion on this? -o.p.
This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 10:48:26 PDT