MustangWorks.com : Ford Forums


Rebel79 08-06-2001 07:24 PM

CodeRed virus hits HARD
 
Around 12:45 my location, Concord, CA, was hit HARD by the CodeRed version 3 virus. This is a different strain than the previous viruses that hit the US last week. Version 3 is more widespread and is more powerful because it allows the hacker to Remotely Control the infected Server. This virus infects Microsoft IIS servers running NT 4.0 & 2000.

Now what has not been released to the media yet, is that this virus INFECTS the CLIENTS! I have been tracking this all day and trying to stop the virus from spreading... about 1 hour ago we were able to separate our location from infecting other sites in our Company, however it was too late. Within 3 hours it had spread from California to Florida.

This virus infects the clients and has the PC run a port scan, looking for other IIS servers in its vicinity. Once it finds an IIS server, it infects it. The IIS server is infected and can infect clients that connect to it.

I know there are patches from Microsoft and Norton to clean the virus on the servers. I have yet to see a patch for our PCs.

For more info, go here: http://www.symantec.com/avcenter/ven...odered.v3.html

------------------
1994 Mustang Cobra
308ci, Vortech S-trim 11#, ported GT-40 heads, E-303 cam, FMS 1 5/8 headers, BBK Offroad H-pipe, 2-chamber flows, and several other goodies.
Rebel Racing. Home of Bay Area Mustangs

Fox Body 08-07-2001 12:30 AM

Thanks for the info.

-----------------------------------------
351W-powered 1979 Ford Mustang notchback
Stock 5.8L under 4" cowl, C4 w/ shift kit
Holley 750 cfm, Edelbrock Performer RPM intake
1 5/8" MAC shorty headers, Al driveshaft
2.5" Off road H-pipe, 2-chamber Flowmasters
Front: 225/60/15, Rear: 255/60/15 Eagle GT II
Weld wheels (15x6;15x8), 8.8" Rear w/ 3.55s
14 x 4” K&N air filter (getting the Xtreme setup someday)

"Red, thou art my companion. Hasten now your quickened metamorphosis to Green that I may conquer all who dare abide there beside me. May they be left thither behind burnt black." ---Fox Body

joe4speed 08-07-2001 12:38 AM

could this be why I'm getting hundreds of http port scans hitting my firewall every day?
It just started a few days ago. I always get attacks, but usually like 30 a day, now it's like 600 a day
------------------
Joe! 1988 GT, 167,000 miles!!! 13.58@105mph Check out my listing! Click here! Or my website:www.joe4speed.com
99 Ninja ZX-6R:10.32@135mph!
1993 Olds Eighty Eight LSS 16.40@88.8mph

[This message has been edited by JL1314 (edited 08-07-2001).]

dinomite 08-07-2001 09:02 AM

http://enclaved.com/

my friend has a tab on all the CR v1 and v2 hits he gets. the original sends a packet of "NNN"'s, v2 sends "XXX"'s (look at his logs). yesterday there were more hits (at least on enclaved's server!). it's sad that the fix is so horribly simple.

one more thing, you'll notice on enclaved's site that most of the "XXX" strings are coming from *.home.com (@home cable service users). how odd.

------------------
90LX AOD Convertible: Lakewood control arms, FMS springs.
Best 1/4: 15.277@92.25 (2.27 60')
AIM: dinomite1, roadracestang
dinomite@softhome.net

[This message has been edited by dinomite (edited 08-07-2001).]
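The kind of tally described in the post above can be reproduced from a web server's own access log. The following is an added example, not code from this thread or from enclaved.com: it assumes Apache common log format, treats a run of 16 or more padding characters as a probe (an arbitrary threshold), and labels hits "N" or "X" following the post's description; the log lines and addresses are constructed.

```python
import re
from collections import Counter

PAD_N, PAD_X = "N" * 24, "X" * 24  # constructed, shortened padding runs

# Constructed sample lines in Apache common log format (not real traffic).
SAMPLE_LOG = f"""\
192.0.2.10 - - [06/Aug/2001:12:45:01 -0700] "GET /default.ida?{PAD_N} HTTP/1.0" 404 205
198.51.100.7 - - [06/Aug/2001:13:02:44 -0700] "GET /default.ida?{PAD_X} HTTP/1.0" 404 205
198.51.100.7 - - [07/Aug/2001:00:38:10 -0700] "GET /Default.IDA?{PAD_X} HTTP/1.0" 404 205
203.0.113.5 - - [07/Aug/2001:09:02:00 -0700] "GET /index.html HTTP/1.0" 200 1043
203.0.113.9 - - [07/Aug/2001:09:05:12 -0700] "GET /default.ida?NNNN HTTP/1.0" 404 205
"""

# Path is matched case-insensitively; the padding letter is not, because
# the letter is what distinguishes the two kinds of probe.
PROBE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<day>\d{2}/\w{3}/\d{4}):[^\]]*\] '
    r'"GET (?i:/default\.ida)\?(?P<pad>N{16,}|X{16,})'
)

def classify(line):
    """Return (source, day, 'N' or 'X') for a probe line, else None."""
    m = PROBE.match(line)
    if not m:
        return None
    return m["src"], m["day"], m["pad"][0]

def summarize(log_text):
    """Count probes per (day, padding letter) and collect sources per letter."""
    per_day = Counter()
    sources = {}
    for line in log_text.splitlines():
        hit = classify(line)
        if hit is None:
            continue  # ordinary request or short query string
        src, day, pad = hit
        per_day[(day, pad)] += 1
        sources.setdefault(pad, set()).add(src)
    return per_day, sources

if __name__ == "__main__":
    per_day, sources = summarize(SAMPLE_LOG)
    for (day, pad), n in sorted(per_day.items()):
        print(f"{day}  {pad}-padded probes: {n}")
    for pad, ips in sorted(sources.items()):
        print(f"{pad}-padded sources: {sorted(ips)}")
```
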

Capri306 08-07-2001 10:28 AM

JL1314: very likely. This really sucks. Seems like it's always late summer when the worst of the viruses and worms hit. Heck, I'm still getting people Emailing me the SirCam worm (which Symantec upgraded to a level 4 worm!), so that makes me wonder exactly how many people have my address in their addy book! Being a 'Board moderator on a site this large, I guess quite a few. No problems yet though. Dan and I have exchanged emails about this; good thing he warned me to delete it! According to Symantec, SirCam is supposed to wipe your hard drive on October 16th. Ouch.

------------------
Capri306, Moderator, The Mustang Works Online
1979 Mercury Capri, 5.0L -- C4 -- 2.73
1987 Mustang LX Notch

Rebel79 08-08-2001 02:54 AM

I have learned more about this virus.


It is attacking Win NT 4.0, Win 2k Pro, Win 2k Server, & Win 2k Advanced Server. You don't have to be running IIS to be infected either. With Win2k, Windows Setup installed FrontPage by default. Code Red will attack your computer if it has FrontPage installed!

If you want to know more and how to see if your PC is infected go here.

------------------
1994 Mustang Cobra
308ci, Vortech S-trim 11#, ported GT-40 heads, E-303 cam, FMS 1 5/8 headers, BBK Offroad H-pipe, 2-chamber flows, and several other goodies.
Rebel Racing. Home of Bay Area Mustangs


All times are GMT -5.