Welcome to WebmasterWorld Guest from 18.104.22.168
Forum Moderators: phranque
According to an analysis by Marc Maiffret of eeye.com, the new version uses the same infection techniques, but does not contain the www.whitehouse.gov DOS.
Soooo...if you haven't or know someone who hasn't patched their IIS system yet....
Unfortunately this virus is hurting more than IIS systems. Public access to my site is sporadic at best. Here's what the tech told me about the problem:
Hi, currently one of our main network providers is experiencing massive connectivity problems due to a new variant of the Code Red Virus. Our servers have not been affected by this virus since we're running Linux on all of our servers. The virus is bogging down many networks and this is causing the intermittent connectivity issues you are currently experiencing.
[rant]Microsoft should be held criminally liable for the cr@p they sell. In the very least, the government needs to step in and force Microsoft to recall the shoddy operating systems.[/rant]
I installed a application based firewall this last week and the port scans I see going on across the @home network is insane! In the last 2 days I have been scanned well into the thousands of times .... and some times it gets a little demanding to the point of the firewall eating up a lot of resources. In fact I have been scanned over 20 time just in writing this little paragraph arrgh Now I am not 100% sure its all because of the worm but, I can not imagine that many people scanning ports a day looking for weaknesses though with the web anything may be possible!
Well, if my logs are any indicator of the average, then I'd have to assume there's a lotta IIS home installations out there. There are a ton of entries from cable modem networks, addresses that would seem to indicate PPP connections, and DSL. Probably people who just thought it'd be cool to run their own webserver, or people who purchased a machine and didn't know it was running on there.
Many companies, the one I work for included, lease their computers for a set amount of time. At the end of that lease, the company can either return the computers, or purchase them. In our case, and many others, after we buy them back, we sell them to any employee who happens to want one (or two...). While we wipe the computers clean before selling them, that still means a bunch of employees will now have a machine running Windows NT, and capabable of running IIS.
Add to that the number of home users who simply want the latest greatest thing from Microsoft (yes they are out there!) and you wind up with a bunch of home users with Windows NT and W2K. A quick scan of some of the hosts in my log on Netcraft seems to suggest a high usage of W2K. Not suprising, when I think back on it, seeing tons of advertising in places like OfficeMax. Or, people who started using it at work, and decided to "borrow" a copy for home. ;)
It's hard to understand why the media is now saying it has pretty much come to an end. That things are getting back to normal.
I see more in my log files today than all the previous days combined.
<rant>How long must the world suffer the pranks and hijinx of hackers based on Microshaft's inept security standards? Trust them with my data? Yeah, sure. Dotnet, hellstorm, why not? Go ahead give Ms the keys to your most precious asset -your data. They can't keep the backdoors locked anyway.</rant>
The new analysis of the Code Red II worm shows it to be more than 4,000 times faster than the previous worm at picking its targets. One estimate Sunday reportedly put the number of infected systems at 400,000.
The log file of one of my high traffic site show 20.000+ hits a day ago from infected servers. Others less than 200.
I was billed today for the extra bandwidth that code red is using on my servers ....
I called @home today to find no tech support line due to the people calling them. So I used the online support and since the majority of the requests come from there network I requested they email there users to no avail they were not cooperative.
So I am paying higher bandwidth bills because there networks are so full of the virus .... Don't get me wrong I am a @home user but I do not have worms. It does not make sense that they have not emailed there user data base yet and this worm leeching there users computers is definatly in violation with there TOS ...... I could rant about this for hours though I won't ...
I know that some road runner and all the videotron users were emailed warning them to patch there computers and stop this behavior but to no avail @home feels it is not responsible .... Should I bill them for the users computers that are querying my server non stop ? I only wish it was that simple ohh well another day another wasted dollar that I worked my behind off to make!
Was able to connect with the server admin for the software company-- he said it was a mail server that they skipped by accident. General Mills never did respond -- got a returned email on their ip registration info.
(edited out the word "slackmeyers")
Of the three largest "collections" of offenders: RoadRunner, @Home, and, in my case GCI (the service provider I use, go figure) only one has responded to an email, and that response was an autoreply. I s'pect they are being flooded with emails, actually. Of the group of people I work with, at least three are actively emailing admins. And we all are feeling frustrated in the lack of responses.
While I don't think Code Red has lived up to its network killing media hype, it certainly has proven to be an education in the general attitude of system administration. While 900 unique hosts isn't all that many in the grand scheme, and a dozen emails even less...the fact that none have cared enough to respond just leaves me a bit taken aback. I think I'll just comfort myself with the possibly optimistic thought that maybe they just haven't gotten around to it 'cause they are too busy patching their servers. ;)
@home has scanned my ports a few times trying to see if I have a patch so maybe this should help ..
Maybe it was the white lie I told them about a friend at CNN that is a reporter ? hahahahaha
The port scans have already started to die down since the last two days of constant annoyance. I still will not believe it totally until I see them cease altogether.
"The wonder of all these Internet security problems is that they are continually labeled as "e-mail viruses" or "Internet worms," rather than the more correct designation of "Windows viruses" or "Microsoft Outlook viruses." It is to the credit of the Microsoft public relations team that Redmond has somehow escaped blame, because nearly all the data security problems of recent years have been Windows-specific, taking advantage of the glaring security loopholes that exist in these Microsoft products. If it were not for Microsoft's carefully worded user license agreement, which holds the company blameless for absolutely anything, they would probably have been awash in class action lawsuits by now."
Read the rest... given the WinXP debacle, it's certainly not far fetched that it's goodbye to TCP/IP and hallo to TCP/MS riding on the backs of .Net, Hailstorm, and the Apocalypse :)
"And now, we have the impending release of Windows XP, and its problem of raw TCP/IP socket exposure. As I detailed two weeks ago, XP is the first home version of Windows to allow complete access to TCP/IP sockets, which can be exploited by viruses to do all sorts of damage."
Just who is the Unknown Rider? Gates, Ballmer or Allchin? And how the hell do they continue to get away with it?