FW: Alert: New Code Red F worming its way through the 'net

["Robinson, Sonja" <SRobinson () HIPUSA com>]

-----Original Message-----
From: Russ [mailto:Russ.Cooper () RC ON CA] 
Sent: Tuesday, March 11, 2003 1:28 PM
To: NTBUGTRAQ () LISTSERV NTBUGTRAQ COM
Subject: Alert: New Code Red F worming its way through the 'net


FYI, at 10:15am EST this morning WormCatcher detected a new variant of Code
Red, called Code.Red.F, worming its way through hosts from Finland, the
U.S., and Australia. Since then it has continued, slowly, infecting more
hosts around the globe.

The infection method is the same as the original Code Red, so the
protections are the same;

- Remove IIS from the box completely
- Remove Script Mappings, particularly .IDA mappings
- Patch (MS01-033)

Too bad ISPs don't block access to attacking IIS boxes the way they did with
Slammer. This version appears to eliminate or change the drop-dead date that
previous versions of Code Red had.

If you're interested in WormCatcher, check out;

http://www.ntbugtraq.com/wormcatcher.asp

Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor "My
thoughts are facts in my world, opinion to you. YMMV"

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by TruSecure
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
FREE 14-DAY TRIAL of New Threat & Vulnerability Notification Service

TruSecure's new IntelliShield(tm) web-based threat and vulnerability service
isn't your typical alert service. Supported by TruSecure's vast intelligence
resources - including the ICSA Labs - IntelliShield's early warning,
analysis, decision support, and threat management tools provide
organizations with unmatched intelligence to better protect critical
information assets. Experience it for yourself - just click below to begin
your FREE, NO OBLIGATION 14-day trial today!

http://www.trusecure.com/offer/s0074/

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo


**********************************************************************
This message is a PRIVILEGED AND CONFIDENTIAL communication, and is intended only for the individual(s) named herein or 
others specifically authorized to receive the communication. If you are not the intended recipient, you are hereby 
notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have 
received this communication in error, please notify the sender of the error immediately, do not read or use the 
communication in any manner, destroy all copies, and delete it from your system if the communication was sent via 
email. 




**********************************************************************


----------------------------------------------------------------------------

<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure";> http://www.securityfocus.com/stillsecure </A>