RE: [MLUG] CodeRedII - there's a variant now - (Aka, delete Win2000)

["Deterding, Brent D" <EMAIL:PROTECTED>]

It's only a default install on server; not on pro. . .BUT a lot of apps
install it on pro

-----Original Message-----
From: Ross, Matt [mailto:EMAIL:PROTECTED]
Sent: Wednesday, August 08, 2001 8:24 AM
To: EMAIL:PROTECTED
Subject: RE: [MLUG] CodeRedII - there's a variant now - (Aka, delete
Win2000)


The problem isn't so much the Web hosting.  It's Win2k, and the fact
that
the *&#@&$ing thing installs IIS...BY DEFAULT!!!!
This means your grandmother surfing the web at home could be hosting
that
worm that's tried to get you 46 times today.  This is also why ATT @home
is
getting hit so hard.  All the bumpkin users on there who didn't uncheck
"Install 'Idiotic Insecure Server'" when they got their new Win2k box,
thinking Win2k was more safe than WinME. The worm has a 50% probability
of
trying to propogate over its own class A IP.

-----Original Message-----
From: Spurling, Shannon [mailto:EMAIL:PROTECTED]
Sent: Wednesday, August 08, 2001 7:55 AM
To: EMAIL:PROTECTED
Subject: RE: [MLUG] CodeRedII - there's a variant now - READ THIS


Sad part is that any major ISP worth their salt should know better than
to
use IIS to host any thing. And they should know better than to use NT,
or
win 2K for anything to do with any thing except maybe monitoring their
infrastructure or as workstations. One piece of evidence.... Why should
a
server ever need a GUI as the default interface? I'll give you two
reason
why you shouldn't, your taking CPU and memory (and lots of it!) away
from
other processes and there is no good way to store the config from a GUI
based config for portability. Did any one here ever read the linux
kernel
debate on machine readable VS. human readable stuff in the proc file
system?
It was really interesting. Ever wonder why the windows registry is so
messed
up? Could it be because no one can understand what it's doing? That's
what
the gist of the conclusion of that thread was. Give me a nice little
OpenBSD
box any day for security, And I'll stick with Slackware for my own
workstation or a server.

Shannon Spurling
WAN Engineer -Specialist

MOREnet, Network Services, Core Network
3212 Le Mone Industrial Blvd.
Columbia, MO 65201

Main:(573) 884-7200   Fax:(573)884-6673

EMAIL:PROTECTED
EMAIL:PROTECTED

-----Original Message-----
From: Deterding, Brent D [mailto:EMAIL:PROTECTED]
Sent: Tuesday, August 07, 2001 10:09 PM
To: MLUG Members (E-mail)
Subject: [MLUG] CodeRedII - there's a variant now - READ THIS


Hey all,
	We're in INFOCON ORANGE now


	Just FYI there's a CodeRedII variant that circumvents the patch.
It's nasty. Just like CRII except it trojans something else and I'm not
sure what. 

	There's no documentation for it yet, but trust me its there. It
hit Asia first but it IS in the US now. 

	You ever see what this thing can do to an Active Directory
server? AAAAAAHHHHHHH my brain hurts. 

	Major ISPs are hurting BAD right now, as are most big companies.


	watch www.incidents.org for more information.


	Anyone want to take bets on the next version?
		I'll bet we'll see selectable targets
		Followed by atttacking the root name servers
					   ^^^^^^^^^^^^^^^^^^^^^ <--
nasty!

-- Brent

PS - I don't mean to sound like a doomsday prophet; but I spent all day
watching several class A's crumble with this. 
--
To manage your subscription, go to
http://mlug.missouri.edu/members/edit.php

Archives are available at http://mlug.missouri.edu/list-archives/
--
To manage your subscription, go to
http://mlug.missouri.edu/members/edit.php

Archives are available at http://mlug.missouri.edu/list-archives/
--
To manage your subscription, go to
http://mlug.missouri.edu/members/edit.php

Archives are available at http://mlug.missouri.edu/list-archives/
--
To manage your subscription, go to http://mlug.missouri.edu/members/edit.php

Archives are available at http://mlug.missouri.edu/list-archives/