ALERT -- New IIS worm!! 1

Status
Not open for further replies.

rycamor

Programmer
Jun 3, 1999
1,426
US
Check out
Apparently this one is worse than Code Red. My Apache box has already had over 1000 attempts since this morning, and this is just my DSL firewall at home.

It infects IIS servers, and then does two things:
1) sends GET requests to infect other machines in the IP block
2) attaches a "readme.eml" file to every document server, which usually gets automatically executed by IE5+, thereby writing some changes to the registry, and emailing some registry information elsewhere.

DON'T browse with IE right now, Get Netscape, Mozilla, or Opera, please.

Check your server logs for requests including "cmd.exe", "root.exe", and "admin.dll".
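
A log check along the lines the post above suggests, as an added example that is not part of the original thread. It assumes Apache Common/Combined Log Format; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Indicator strings named in the post above.
INDICATORS = ("cmd.exe", "root.exe", "admin.dll")

# Assumed format: Apache Common/Combined Log Format.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3})')

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2000:09:14:02 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276',
    '192.0.2.10 - - [10/Oct/2000:09:14:03 -0400] "GET /MSADC/Admin.dll HTTP/1.0" 404 274',
    '198.51.100.7 - - [10/Oct/2000:09:15:40 -0400] "GET /scripts/cmd%2Eexe?/c+dir HTTP/1.0" 404 280',
    '198.51.100.7 - - [10/Oct/2000:09:15:41 -0400] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.5 - - [10/Oct/2000:09:16:12 -0400] "GET /scripts/root.exe HTTP/1.0" 200 0',
]

def decode_target(target, max_rounds=3):
    """Percent-decode repeatedly so an encoded file name still matches."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.lower()

def scan(lines):
    """Return (hits per host, hits per indicator, probes answered with 2xx)."""
    by_host, by_indicator, answered = Counter(), Counter(), []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        target = decode_target(m["target"])
        matched = [i for i in INDICATORS if i in target]
        if not matched:
            continue
        by_host[m["host"]] += 1
        by_indicator.update(matched)
        if m["status"].startswith("2"):
            answered.append((m["host"], m["target"]))
    return by_host, by_indicator, answered

if __name__ == "__main__":
    hosts, indicators, answered = scan(SAMPLE_LOG)
    print(hosts.most_common(), dict(indicators), answered)
```

The per-host counts show which neighbours in the IP block are probing; any entry in `answered` means the server returned a 2xx status for one of these names and deserves a closer look.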
 
Here are some good sites with valid info relating to the Nimda: W32.nimda.a.mm worm



Check them out - Look for my thread in the NT4 forum and you will see some of the preliminary findings of what it does.
 