[21747] in bugtraq
Full analysis of the .ida "Code Red" worm - solve the problem
daemon@ATHENA.MIT.EDU (Frank Steinert)
Fri Jul 20 17:48:53 2001
Message-ID: <B162B2F608FCD2119A2B0000E85E6210609292@SERVER>
From: Frank Steinert <Frank.Steinert@protime.de>
To: bugtraq@securityfocus.com
Date: Fri, 20 Jul 2001 14:47:09 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
To protect your IIS against it you can do this:
Remove the ".ida" entries in the ISAPI assignments of each site. To do this, you
can use the management console -> basic directory -> (application settings)
-> configuration.
Another simple way is to remove idq.dll from your system32 directory, if you
don't use the index server.
Since we've done this, our servers are immune.
*
* Frank Steinert
* mailto:Frank.Steinert@protime.de
* http://www.protime.de
*
* proTime GmbH
* Josef-von-Fraunhofer-Str. 9
* D-83209 Prien
* Tel: 08051-6916-25
* Fax: 08051-6916-11
*
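
An added example, not part of the original message: a Python audit that checks exported script-map entries for each site and reports any extension still bound to idq.dll. It goes beyond the single ".ida" entry named above by matching on the handler DLL rather than the extension. The site names, paths, flag values and the assumption that entries have already been exported as "extension,handler,flags[,verbs]" strings are constructed for illustration.

```python
import ntpath

# Constructed sample data (not from a real server): script-map entries per
# site in the "extension,handler path,flags[,verbs]" form.
SAMPLE_SCRIPTMAPS = {
    "W3SVC/1": [
        r".asp,C:\WINNT\System32\inetsrv\asp.dll,1,GET,HEAD,POST,TRACE",
        r".ida,C:\WINNT\System32\idq.dll,3,GET,HEAD,POST",
        r'.IDQ,"C:\WINNT\System32\IDQ.DLL",3,GET,HEAD,POST',
        "garbage-without-a-handler",
    ],
    "W3SVC/2": [
        r".asp,C:\WINNT\System32\inetsrv\asp.dll,1,GET,HEAD,POST,TRACE",
    ],
}


def parse_scriptmap(entry):
    """Split one entry into (extension, handler path); raise on bad input."""
    parts = [p.strip() for p in entry.split(",")]
    if len(parts) < 2 or not parts[0] or not parts[1]:
        raise ValueError("not a script-map entry: %r" % entry)
    # Handler paths may be quoted; extensions and paths are case-insensitive.
    return parts[0].lower(), parts[1].strip('"')


def find_idq_mappings(scriptmaps, dll="idq.dll"):
    """Return {site: [extensions]} for every site that still maps to `dll`."""
    findings = {}
    for site, entries in scriptmaps.items():
        exts = []
        for entry in entries:
            try:
                ext, handler = parse_scriptmap(entry)
            except ValueError:
                continue  # skip malformed lines instead of aborting the audit
            # ntpath handles backslash paths regardless of the host OS.
            if ntpath.basename(handler).lower() == dll.lower():
                exts.append(ext)
        if exts:
            findings[site] = sorted(exts)
    return findings


if __name__ == "__main__":
    for site, exts in sorted(find_idq_mappings(SAMPLE_SCRIPTMAPS).items()):
        print("%s still maps %s to idq.dll" % (site, ", ".join(exts)))
```

An empty result means no audited site has a mapping to idq.dll left; a site that appears in the result still needs the removal step described in the message.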