LISTSERV - ATEG Archives - LISTSERV.MIAMIOH.EDU

ATEG Archives

August 2001

ATEG@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	ATEG Home
	ATEG August 2001

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: WARNING! Code Red Worm
From:	Omar <[log in to unmask]>
Reply To:	Assembly for the Teaching of English Grammar <[log in to unmask]>
Date:	Thu, 30 Aug 2001 12:10:19 +0300
Content-Type:	text/plain
Parts/Attachments:	text/plain (62 lines)

>>My computer says the attachments from this recent posting from "anhvu" on
>>the listserve are infected.  DO NOT OPEN!!!
>>
>>
>>From:         anhvu <[log in to unmask]>

This was immediately suspicious. A one-hundred kilobyte message?

I hope that list members will refrain from posting attachments to this
list. And also from posting in HTML fomat. Sending attachments to a
list is generally a bad idea and virus infections may be spread by
code imbedded in HTML messages that calls the virus when the message
is opened from a machine that is still online. Anything that
absolutely needs to be distributed can be posted on the web and the
URL announced on the list. The defunct e-groups issued all of their
electronic forums with a "vault" expressly for file distribution.


CODE RED WORM

If you who may be running WinNT or Win2000 operating systems and have
not expressly taken precautions to protect yourself you are exposed to
attack. The worm is a parasite that enables those who distribute it to
control infected machines remotely via the Windows IIS Personal Web
Server. Estimates are that some 100,000 personal computers around the
world are now Code Red zombies. Most people operating infected
machines are unaware of the presence of a virus that has turned their
machines collectively into a powerful weapon in the hands of persons
unknown.

The worm enters your computer while you are online by probing your
ports and entering, typically, through port 80, if it finds it open. A
friend of mine who is online most of the time intercepts 5 to 10 of
these worms a day. The first massive attack on July 1st infected more
than 300,000 machines world wide in the space of twelve hours. A
second wave occurred on August 1st, a third is expected on Saturday,
September 1st.

Please investigate this yourselves. Check to see whether or not you
are running Microsoft Personal Web server - some implementations of
Windows install this as default. If you are, then assume that you are
infected. Check the Microsoft web site and take steps to remove the
worm and then either shut down IIS or download and install the MS
patch to protect yourself from the worm if you continue to use IIS.
The patch is not effective if your machine is already infected.

The worm does not appear to be designed to damage your system or your
hardware, but rather to use your equipment for purposes that are
impossible to ascertain.


Best regards,


Omar

To join or leave this LISTSERV list, please visit the list's web interface at:
     http://listserv.muohio.edu/archives/ateg.html
and select "Join or leave the list"

Visit ATEG's web site at http://ateg.org/

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU