How Many Here Were Hit By Code Red?

They have: 4 posts

Joined: Jul 2001

I was... twice. Site was down for over a day once and a few hours another time.
_____________

BUILD YOUR OWN POSTER STORE FREE
http://www.etherzone.com/poster_promo.shtml

Jack Michaelson's picture

He has: 1,733 posts

Joined: Dec 1999

me not Smiling

The Webmistress's picture

She has: 5,586 posts

Joined: Feb 2001

Me neither Wink

mjames's picture

They have: 2,064 posts

Joined: Dec 1999

Me third. Smiling

Brooke's picture

She has: 681 posts

Joined: Feb 1999

I got the email about 3-4 times but it never got my machine.

Brooke

merlin's picture

They have: 410 posts

Joined: Oct 1999

nope. Laughing out loud

They have: 84 posts

Joined: Jun 2001

I got the email about 11 times - obviously I never open an unknown file

mairving's picture

They have: 2,256 posts

Joined: Feb 2001

You guys are confusing things. The email was more than likely the Sircam virus. Code Red's method of delivery is not done through email. Its method of delivery is this: the infected host will attempt to connect to TCP port 80 of randomly chosen IP addresses in order to further propagate the worm. Depending on the configuration of the host that receives this request, there are varied consequences.

It only affects Windows NT/2000 systems running MS IIS web server software. I would be very surprised if your system wasn't at least tested. Here is how to tell: if you can look in your error logs, you will see this:

/../404.shtml
/../default.ida

That is Code Red. It was a known vulnerability that MS offered a patch for quite a while ago.

Sircam, though quite annoying, is relatively harmless as viruses go. There are some pretty nasty variants of it out there like this one that I was sent the other day: W32.Magistr.24876@mm. Similar to Sircam but its payload is pretty bad. I received mine in an email attachment. The email said something about running a marathon for diabetes. Here is what it does:

Large scale e-mailing: Uses email addresses from the Windows Address Book files and Outlook Express Sent Items folder.
Causes system instability: Overwrites hard drives, erases CMOS, flashes the BIOS.
Releases confidential info: It could send confidential Microsoft Word documents to others.

Mark Irving
I have a mind like a steel trap; it is rusty and illegal in 47 states

They have: 488 posts

Joined: Feb 2000

Many of us may have experienced the many virus types such as CIH, Melissa, ILOVEYOU, etc.

Perhaps the link below will help you to protect your systems against future attacks. It's not 100% but at least you are aware of the various types of virus that you may encounter and ways to avoid them.

http://www.cknow.com/vtutor/vttypes.htm

taff's picture

They have: 956 posts

Joined: Jun 2001

Quote: Originally posted by mairving
It only affects Windows NT/2000 systems running MS IIS web server software. I would be very surprised if your system wasn't at least tested. Here is how to tell: if you can look in your error logs, you will see this:

/../404.shtml
/../default.ida

That is Code Red. It was a known vulnerability that MS offered a patch for quite a while ago.

Truly annoying! All my sites are on Unix servers so there was never any real threat. However, my site logs are a mess! I've had to add a filter to remove all the *.ida requests.

As an example, one log file for Aug 1 - Aug 15 was 117 pages long (raw). After filtering, it was a mere 17 pages.

.....
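Added example, not posted by anyone in this thread: one way to do the kind of log filtering described above, separating `*.ida` requests from a web server access log and counting them per source address so the probing hosts can still be reviewed. It assumes Common Log Format; the sample lines, the documentation-range IP addresses and the shortened query padding are constructed.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "METHOD path PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

# Constructed sample lines (documentation-range IPs, shortened query string).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Aug/2001:10:00:01 -0400] "GET /index.html HTTP/1.0" 200 5120
198.51.100.7 - - [01/Aug/2001:10:00:05 -0400] "GET /default.ida?NNNNNNNNNNNN HTTP/1.0" 404 276
203.0.113.44 - - [01/Aug/2001:10:01:12 -0400] "GET /default.ida?NNNNNNNNNNNN HTTP/1.0" 404 276
198.51.100.7 - - [01/Aug/2001:10:03:40 -0400] "GET /DEFAULT.IDA?NNNNNNNNNNNN HTTP/1.0" 404 276
192.0.2.10 - - [01/Aug/2001:10:04:00 -0400] "GET /ida-guide.html HTTP/1.0" 200 900
not a log line
"""

def is_ida_probe(path):
    """True when the request path (query string ignored) ends in .ida."""
    return path.split("?", 1)[0].lower().endswith(".ida")

def split_log(text):
    """Return (clean_lines, probe_lines, probes_per_source_ip)."""
    clean, probes, sources = [], [], Counter()
    for line in text.splitlines():
        m = CLF.match(line)
        if m and is_ida_probe(m.group(3)):
            probes.append(line)
            sources[m.group(1)] += 1
        else:
            # Keep unparseable lines in the clean log rather than dropping them.
            clean.append(line)
    return clean, probes, sources

if __name__ == "__main__":
    clean, probes, sources = split_log(SAMPLE_LOG)
    print(f"{len(probes)} probe lines removed, {len(clean)} lines kept")
    for ip, n in sources.most_common():
        print(f"{ip}\t{n}")
```

Matching on the path extension rather than the substring "ida" keeps ordinary pages such as `/ida-guide.html` in the filtered log.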

Mark Hensler's picture

He has: 4,048 posts

Joined: Aug 2000

my Linux logs had that stuff in there too... I had no idea what it was. thx

Toeng.com's picture

They have: 46 posts

Joined: Sep 2001

mine's okay Smiling
but my brother's HD got wiped by SirCam Sad
