Re: A code red that could bring down the net?

[security curmudgeon <jericho () attrition org>]

> Although I agree on the funny part, I would suppose that M$ has patched
> up it´s own servers .. 

Or not.

http://www.attrition.org/security/commentary/ms16.html

Earlier today, two Microsoft Web sites fell victim to a new worm making
the rounds nicknamed the '.ida "Code Red" worm' because part of the worm
is designed to deface Web pages with the text "Hacked by Chinese" and also
because Code Red Mountain Dew was apparently the only thing that kept
employees from eEye Digital Security awake all last night to be able to
disassemble the worm in detail. 

The worm propagates itself via Microsoft IIS Web servers through the .ida
buffer overflow attack published a few weeks ago. The worm then sets
itself up on the infected system and creates 99 other "threads" or
instances of the virus to spread the worm to other Web servers. 

Full details of the worm can be found here: 
http://www.eeye.com/html/Research/Advisories/AL20010717.html

The sites hit included the Windows Update Server
(www.windowsupdate.microsoft.com). According to the regular page: 

Windows Update is the online extension of Windows that helps you get the
most out of your computer. 

[snip..]