[21997] in bugtraq
Fw: Public Alert about the Code Red worm
daemon@ATHENA.MIT.EDU (Tony Hagale)
Mon Jul 30 01:52:11 2001
Message-ID: <001301c11888$67bd4280$4700000a@hagale.net>
Reply-To: "Tony Hagale" <tony@hagale.net>
From: "Tony Hagale" <tony@hagale.net>
To: <bugtraq@securityfocus.com>
Date: Sun, 29 Jul 2001 18:44:27 -0500
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
----- Original Message -----
From: "CERT Advisory" <cert-advisory@cert.org>
To: <cert-advisory@cert.org>
Sent: Sunday, July 29, 2001 3:23 PM
Subject: Public Alert about the Code Red worm
> -----BEGIN PGP SIGNED MESSAGE-----
>
>
>
> We the CERT/CC, along with other organizations listed below are
> jointly publishing this alert about a serious threat to the Internet
>
> For Immediate Release: 3:00 PM EDT July 29, 2001
>
> A Very Real and Present Threat to the Internet: July 31 Deadline For
Action
>
> Summary: The Code Red Worm and mutations of the worm pose a continued
> and serious threat to Internet users. Immediate action is required to
> combat this threat. Users who have deployed software that is
> vulnerable to the worm (Microsoft IIS Versions 4.0 and 5.0) must
> install, if they have not done so already, a vital security patch.
>
> How Big Is The Problem?
>
> On July 19, the Code Red worm infected more than 250,000 systems in
> just 9 hours. The worm scans the Internet, identifies vulnerable
> systems, and infects these systems by installing itself. Each newly
> installed worm joins all the others causing the rate of scanning to
> grow rapidly. This uncontrolled growth in scanning directly decreases
> the speed of the Internet and can cause sporadic but widespread
> outages among all types of systems. Code Red is likely to start
> spreading again on July 31st, 2001 8:00 PM EDT and has mutated so that
> it may be even more dangerous. This spread has the potential to
> disrupt business and personal use of the Internet for applications
> such as electronic commerce, email and entertainment.
>
> Who Must Act?
>
> Every organization or person who has Windows NT or Windows 2000
> systems AND the IIS web server software may be vulnerable. IIS is
> installed automatically for many applications. If you are not certain,
> follow the instructions attached to determine whether you are running
> IIS 4.0 or 5.0. If you are using Windows 95, Windows 98, or Windows
> Me, there is no action that you need to take in response to this
> alert.
>
> What To Do If You Are Vulnerable?
>
> a. To rid your machine of the current worm, reboot your computer.
> b. To protect your system from re-infection: Install Microsoft?s patch for
the Code Red vulnerability problem:
> * Windows NT version 4.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30833
> * Windows 2000 Professional, Server and Advanced Server:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30800
>
> Step-by-step instructions for these actions are posted at
> www.digitalisland.com/codered
>
> Microsoft's description of the patch and its installation, and the
> vulnerability it addresses is posted at:
>
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS01-033.asp
>
> Because of the importance of this threat, this alert is being made
> jointly by:
>
> Microsoft
> The National Infrastructure Protection Center
> Federal Computer Incident Response Center (FedCIRC)
> Information Technology Association of America (ITAA)
> CERT Coordination Center
> SANS Institute
> Internet Security Systems
> Internet Security Alliance
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 6.5.8
>
> iQCVAwUBO2RpCgYcfu8gsZJZAQGFrAP/TzyQ7lyshdKb7XeNNaVTFAZzO1hB1vKG
> CZsaPxzqF2/GMgAQJ8HNum43QBSzr+H96f/5c7Op9ac1SefzuyWs14z+BhBXr6mf
> Io9vClcL3h9saqV/J1Bkv0psYhhImTgLvAWZIYneYMuvY39zjxLC2/jkKLw8dWze
> lcdFPH5j9vE=
> =3biQ
> -----END PGP SIGNATURE-----
