Date: 18 July 2001
AusCERT Update - "Code Red" IIS worm
18 July 2001
-----BEGIN PGP SIGNED MESSAGE-----
Dear AusCERT member,
AusCERT has been made aware of the possible existence of a new worm that
targets a recently patched vulnerability in the Microsoft Internet
Information Server (IIS) Indexing Service DLL.
The worm has been nicknamed "Code Red" by eEye Digital Security, who have
published an alert at:
http://www.eeye.com/html/Research/Advisories/AL20010717.html
This worm allegedly has the potential to affect sites in two distinct
ways. The exploit has a web defacement component which may result in the
default page for a site being replaced with one containing the words
"Hacked by Chinese". Additionally, the manner in which the worm propagates
may have a denial-of-service effect on sites targeted early in an outbreak.
Sites are strongly encouraged to apply the Microsoft patch listed in the
AusCERT External Security Bulletins:
ftp://ftp.auscert.org.au/pub/auscert/ESB/ESB-2001.238
ftp://ftp.auscert.org.au/pub/auscert/ESB/ESB-2001.241
AusCERT stress that this worm has the potential to adversely affect member
sites, and we encourage system administrators to be alert for evidence of
any activity on their systems that may indicate its presence. If you have
any questions or comments on this issue, please contact AusCERT.
Regards,
The AusCERT Team.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AUSCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for emergencies.
Facsimile: (07) 3365 7031
===========================================================================
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key
iQCVAwUBO1WnFih9+71yA2DNAQF/JQP8CJYfaEBwVzsKZBFcaKm9rSi+1Tf+lwf+
8H+Ro/ot0xk/QB3HqDp5fh33QDAW3tz8xhAN6Eb7oirxUmUn96rijmcS5z9XAdhe
Pht4upoBMbcpMqww6RjXZTE965fGsuMEfura2tMQ+37yE3rgfZTZwdG8SFTQ3Kgj
C+9n7Z6rKTQ=
=zjyi
-----END PGP SIGNATURE-----