|
This
virus (really a buffer exploit) does not get transmitted via email. Most
virus checkers won't even pick this up, as it really isn't a virus per se, but a
security hole in Internet Information Server 4.0 and 5.0 (IIS) on Windows 2000
or NT4 -Server- only. If you're not running a web server on your Windows
machine, you're not really at risk.
Techy
Stuff:
Your
environment is at HIGH RISK if:
1) You have Microsoft IIS server
installed with Windows 2000.
2) You have NOT updated this server
with the latest patch
from Microsoft.
The exploit, a buffer overflow, is
used to spread this worm (Unchecked Buffer in Index Server ISAPI Extension Could
Enable Web Server Compromise).
THIS VIRUS EXISTS IN MEMORY ONLY
(however, the .C variant does write a trojan program to the hard disk).
It spreads through TCP/IP
transmissions on port 80 (web sites). By
making use of this exploit, the worm is able to send itself as a TCP/IP stream
directly to the its victims, which in turn scans the web for other systems to
infect.
-Dave
Just FYI
I scanned for viruses this
morning and found two infected files. They were infected with the new CODE
RED virus. My Norton quarantined and eliminated them, but I ask that you
check your machine to be sure I've not sent anything
inadvertently
| 
Back to the Home of the Forward Look Network