Re: CR II - winME? confirmation? (Slightly OT)

From: HackHawk (hughat_private)
Date: Wed Aug 08 2001 - 12:33:24 PDT

    At 02:48 PM 8/8/01 +1200, Jason Haar wrote:
    >On Tue, Aug 07, 2001 at 04:55:50PM -0700, Amer Karim wrote:
    > > strangely.  Found out he was running W2K Pro w/ IIS installed (had a site
    > > running w/ pics of his family), and when I asked him if he’d patched it for
    > > the original CR he just gave a blank look - followed by “I thought that was
    > > only for servers.” …I just about put my head through the wall.  All my F/W’s
    
    I'm connected to an Earthlink DSL line.  Port 80 is getting hit about once 
    every 30 to 90 seconds from a Code Red infected machine.
    
    As a test, I connected to some of these systems with the UNICODE file 
    execution string posted back in October/November of 2000.  Out of 5 systems 
    tested, (100%) 5 systems had not even patched that bug from last 
    year!!!!  People in general are just clueless about what's going on.
    
    It is a script kiddie heaven on Earthlink DSL lines!
    
    - hh
    
    >:-)
    >
    >Last week on our national radio station here in New Zealand, a rep from
    >Sophos said that all companies should be ensuring they have installed the
    >patch before the next wave of CodeRed went out. He then went on to
    >*explicitly* state that home users didn't have to worry about it as it only
    >affected commercial sites! :-/
    >
    >--
    >Cheers
    >
    >Jason Haar
    >
    >Unix/Special Projects, Trimble NZ
    >Phone: +64 3 9635 377 Fax: +64 3 9635 417
    



    This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 11:11:19 PDT