VisorCentral.com
Show 20 posts from this thread on one page

VisorCentral.com (http://discussion.visorcentral.com/vcforum/index.php)
- Off Topic (http://discussion.visorcentral.com/vcforum/forumdisplay.php?forumid=6)
-- be on RED ALERT! (clicking here won't give you the virus) (http://discussion.visorcentral.com/vcforum/showthread.php?threadid=17284)

Posted by ernieba1 on 07-31-2001 01:16 PM:

Exclamation be on RED ALERT! (clicking here won't give you the virus)

Everybody, you've probably all ready heard that this RED ALERT virus is spreading quickly disabling website after website.

Is VC protected?

Is your site protected?

Are you protected (Windows 2000 and NT users)?

If you have Windows 2000 or NT, which are the only volnerable OS's, download a simple patch from microsoft here .

And here's an article from MSNBC about it.

HURRY UP! INSTALL THE PATCH QUICKLY IF YOU HAVEN'T ALL READY!

__________________
-Bernie

"One word sums up probably the responsibility of any vice president, and that one word is 'to be prepared'.
-Dan Quayle

Posted by vaj123 on 07-31-2001 01:35 PM:

thanks

Thank you very much for the information and links
Vicki

Posted by Toby on 07-31-2001 03:49 PM:

Re: be on RED ALERT! (clicking here won't give you the virus)

quote:
Originally posted by ernieba1
If you have Windows 2000 or NT, which are the only volnerable OS's, download a simple patch from microsoft here .
It should be noted that not all WinNT/2K users are affected by this. It is a vulnerability in Internet Information Server that is the problem. Unless one has the IIS web server installed, they shouldn't have an issue. Well, that's not entirely accurate. There are also reports of strange behavior from some Cisco devices and HP printers when the Code Red tries to contact them.

Posted by briker206 on 07-31-2001 04:38 PM:

More info on the printer slowdown?

Does anybody have any specifics on the HP printer slowdown? We've been having symptoms but it appears to be coming through a dedicated connection to foreign network. However I haven't gotten the equipment and software in to put up another firewall on that link. When we pull the link the printers get fast again. I haven't seen any info on this.

Any links or info would be appreciated.

Thanks

Posted by namja on 07-31-2001 06:02 PM:

Excellent advice from Symantec here:
http://www.symantec.com/avcenter/ve...dered.worm.html

According to Symantec, "the CodeRed Worm affects Microsoft Index Server 2.0 and the Windows 2000 Indexing service on computers running Microsoft Windows NT 4.0 and Windows 2000 that run IIS 4.0 and 5.0 Web servers." If you're running Windows 95/98/ME, you shouldn't be affected. Also if you're not running IIS, you shouldn't be affected.

Also from about 2/3 down the page:

"'FixCodeRed Assessment Tool' is a free tool which allows you to determine if your computer is at risk. If the vulnerability is found, the tool will scan memory to determine whether the worm is present. Click here to download the tool onto your computer."

Posted by Toby on 07-31-2001 09:04 PM:

Re: More info on the printer slowdown?

quote:
Originally posted by briker206
Does anybody have any specifics on the HP printer slowdown? We've been having symptoms but it appears to be coming through a dedicated connection to foreign network. However I haven't gotten the equipment and software in to put up another firewall on that link. When we pull the link the printers get fast again. I haven't seen any info on this.
Sorry I couldn't be more specific earlier, but I was busy. Basically, this can't infect other platforms besides IIS, but it can certainly affect other platforms. The main issue comes in because Code Red scans other hosts looking for other machines to infect. Since it can't tell a non-IIS machine or patched IIS machine from a vulnerable IIS machine without trying to exploit the hole, it tries to exploit every web server it can find. This means that it can create a load on even non-vulnerable servers while they send back error messages to any and all Code Red hosts which haven't been blocked yet. Your foreign link is probably infected or connected to someone who's infected, so their scans are coming across your link and bogging down your printers with HTTP requests. As soon as they're disconnected the requests stop, and the printer performance levels return to normal.

Posted by ernieba1 on 07-31-2001 10:20 PM:

That's why everyone should download the patch!

__________________
-Bernie

"One word sums up probably the responsibility of any vice president, and that one word is 'to be prepared'.
-Dan Quayle

Posted by Toby on 07-31-2001 10:27 PM:

quote:
Originally posted by ernieba1
That's why everyone should download the patch!
The patch only fixes the vulnerability, though. If you don't have the vulnerability, the patch will be useless to you, and won't prevent the unwanted traffic.
All times are GMT. The time now is 10:06 PM.
Show 20 posts from this thread on one page

Powered by: vBulletin Version 2.3.4
Copyright © Jelsoft Enterprises Limited 2000 - 2016.