VisorCentral.com - be on RED ALERT! (clicking here won't give you the virus)

VisorCentral.com >> Discussion >> Other Areas of Interest >> Off Topic
be on RED ALERT! (clicking here won't give you the virus)


	Post a New Thread \| Post A Reply

Last Thread Next Thread

Author

Topic: be on RED ALERT! (clicking here won't give you the virus)

ernieba1
Member

Registered: Dec 2000
Location: Elkins Park, Pa
Posts: 577

be on RED ALERT! (clicking here won't give you the virus)

Everybody, you've probably all ready heard that this RED ALERT virus is spreading quickly disabling website after website.

Is VC protected?

Is your site protected?

Are you protected (Windows 2000 and NT users)?

If you have Windows 2000 or NT, which are the only volnerable OS's, download a simple patch from microsoft here .

And here's an article from MSNBC about it.

HURRY UP! INSTALL THE PATCH QUICKLY IF YOU HAVEN'T ALL READY!

__________________
-Bernie

"One word sums up probably the responsibility of any vice president, and that one word is 'to be prepared'.
-Dan Quayle

Last edited by ernieba1 on 07-31-2001 at 01:23 PM

07-31-2001 01:16 PM

vaj123
Member

Registered: Mar 2001
Location: pittsburgh, pa
Posts: 72

thanks

Thank you very much for the information and links
Vicki

07-31-2001 01:35 PM

Toby
Member

Registered: Jul 2000
Location:
Posts: 3034

Re: be on RED ALERT! (clicking here won't give you the virus)

quote:
Originally posted by ernieba1
If you have Windows 2000 or NT, which are the only volnerable OS's, download a simple patch from microsoft here .

It should be noted that not all WinNT/2K users are affected by this. It is a vulnerability in Internet Information Server that is the problem. Unless one has the IIS web server installed, they shouldn't have an issue. Well, that's not entirely accurate. There are also reports of strange behavior from some Cisco devices and HP printers when the Code Red tries to contact them.

07-31-2001 03:49 PM

briker206
Member

Registered: Oct 2000
Location:
Posts: 61

More info on the printer slowdown?

Does anybody have any specifics on the HP printer slowdown? We've been having symptoms but it appears to be coming through a dedicated connection to foreign network. However I haven't gotten the equipment and software in to put up another firewall on that link. When we pull the link the printers get fast again. I haven't seen any info on this.

Any links or info would be appreciated.

Thanks

07-31-2001 04:38 PM

namja
Member

Registered: Feb 2001
Location:
Posts: 268

Excellent advice from Symantec here:
http://www.symantec.com/avcenter/ve...dered.worm.html

According to Symantec, "the CodeRed Worm affects Microsoft Index Server 2.0 and the Windows 2000 Indexing service on computers running Microsoft Windows NT 4.0 and Windows 2000 that run IIS 4.0 and 5.0 Web servers." If you're running Windows 95/98/ME, you shouldn't be affected. Also if you're not running IIS, you shouldn't be affected.

Also from about 2/3 down the page:

"'FixCodeRed Assessment Tool' is a free tool which allows you to determine if your computer is at risk. If the vulnerability is found, the tool will scan memory to determine whether the worm is present. Click here to download the tool onto your computer."

07-31-2001 06:02 PM

Toby
Member

Registered: Jul 2000
Location:
Posts: 3034

Re: More info on the printer slowdown?

quote:
Originally posted by briker206
Does anybody have any specifics on the HP printer slowdown? We've been having symptoms but it appears to be coming through a dedicated connection to foreign network. However I haven't gotten the equipment and software in to put up another firewall on that link. When we pull the link the printers get fast again. I haven't seen any info on this.

Sorry I couldn't be more specific earlier, but I was busy. Basically, this can't infect other platforms besides IIS, but it can certainly affect other platforms. The main issue comes in because Code Red scans other hosts looking for other machines to infect. Since it can't tell a non-IIS machine or patched IIS machine from a vulnerable IIS machine without trying to exploit the hole, it tries to exploit every web server it can find. This means that it can create a load on even non-vulnerable servers while they send back error messages to any and all Code Red hosts which haven't been blocked yet. Your foreign link is probably infected or connected to someone who's infected, so their scans are coming across your link and bogging down your printers with HTTP requests. As soon as they're disconnected the requests stop, and the printer performance levels return to normal.

07-31-2001 09:04 PM

ernieba1
Member

Registered: Dec 2000
Location: Elkins Park, Pa
Posts: 577

That's why everyone should download the patch!

__________________
-Bernie

"One word sums up probably the responsibility of any vice president, and that one word is 'to be prepared'.
-Dan Quayle

07-31-2001 10:20 PM

Toby
Member

Registered: Jul 2000
Location:
Posts: 3034

quote:
Originally posted by ernieba1
That's why everyone should download the patch!

The patch only fixes the vulnerability, though. If you don't have the vulnerability, the patch will be useless to you, and won't prevent the unwanted traffic.

07-31-2001 10:27 PM

All times are GMT. The time now is 10:06 PM.

Last Thread Next Thread

[

Show a Printable Version |

Email This Page to Someone! |

Receive updates to this thread ]

Forum Jump: