How Many Here Were Hit By Code Red?
I was......twice..sitewas down for over a day once and a few hours another time.
_____________
BUILD YOUR OWN POSTER STORE FREE
http://www.etherzone.com/poster_promo.shtml
I was......twice..sitewas down for over a day once and a few hours another time.
_____________
BUILD YOUR OWN POSTER STORE FREE
http://www.etherzone.com/poster_promo.shtml
Jack Michaelson posted this at 18:04 — 13th August 2001.
He has: 1,733 posts
Joined: Dec 1999
me not
The Webmistress posted this at 18:47 — 13th August 2001.
She has: 5,586 posts
Joined: Feb 2001
Me neither
mjames posted this at 21:32 — 13th August 2001.
They have: 2,064 posts
Joined: Dec 1999
Me third.
Brooke posted this at 23:07 — 13th August 2001.
She has: 681 posts
Joined: Feb 1999
I got the email about 3-4 times but it never got my machine.
Brooke
merlin posted this at 05:12 — 14th August 2001.
They have: 410 posts
Joined: Oct 1999
nope.
m0dulus posted this at 05:36 — 14th August 2001.
They have: 84 posts
Joined: Jun 2001
I got the email about 11 times - obviously i never open an unknown file
mairving posted this at 11:04 — 14th August 2001.
They have: 2,256 posts
Joined: Feb 2001
You guys are confusing things. The email was more than likely the Sircam virus. Code Red's method of delivery is not done through email. It's method of delivery is this: the infected host will attempt to connect to TCP port 80 of randomly chosen IP addresses in order to further propagate the worm. Depending on the configuration of the host that receives this request, there are varied consequences.
It only affects Windows NT/2000 systems running MS II-s web server software. I would be very suprised if your system wasn't at least tested. Here is how to tell: if you can look in your error logs, you will see this:
/../404.shtml
/../default.ida
That is Code Red. It was a known vulnerbility that MS offered a patch for quite awhile ago.
Sircam, though quite annoying, is relatively harmless as viruses go. There are some pretty nasty variants of it out there like this one that I was sent the other day:
W32.Magistr.24876@mm. Similar to Sircam but it's payload is pretty bad. I received mine in an email attachment. The email said something about running a marathon for diabetes. Here is what it does:
Large scale e-mailing: Uses email addresses from the Windows Address Book files and Outlook Express Sent Items folder.
Causes system instability: Overwrites hard drives, erases CMOS, flashes the BIOS.
Releases confidential info: It could send confidential Microsoft Word documents to others.
Mark Irving
I have a mind like a steel trap; it is rusty and illegal in 47 states
NSS posted this at 02:01 — 17th August 2001.
They have: 488 posts
Joined: Feb 2000
Many of us may have experienced the many virus types such as the CIH, melissa, ILOVEYOU, etc,
Perhaps the below link will help you to protect your systems against future attacks. It's not 100% but at least you are aware of the various types of virus that you may encounter and ways to avoid it.
http://www.cknow.com/vtutor/vttypes.htm
taff posted this at 17:41 — 28th August 2001.
They have: 956 posts
Joined: Jun 2001
Truly annoying! All my sites are on Unix servers so there was never any real threat. However, my site logs are a mess! I've had to add a filter to remove all the *.ida requests.
As an example, one log file for Aug 1 - Aug 15 was 117 pages long (raw). After filtering, it was a mere 17 pages.
.....
Mark Hensler posted this at 17:47 — 28th August 2001.
He has: 4,048 posts
Joined: Aug 2000
my linux logs had that stuff in their too... I had no idea what it was. thx
Toeng.com posted this at 19:11 — 4th September 2001.
They have: 46 posts
Joined: Sep 2001
mine's okay
but my brother's HD got wiped by SirCam
Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.