Code Red Worm advisory
Matt Alexander
plug-discuss@lists.PLUG.phoenix.az.us
Fri, 20 Jul 2001 20:43:43 -0700 (PDT)
If you've got an Apache server running, you can do either of these and chuckle
to yourself:
Redirect /default.ida http://www.microsoft.com/
or
Redirect /default.ida http://127.0.0.1
I don't know if this exploit actually honors HTTP redirects (probably not),
however.
~M
Quoting "John (EBo) David" <ebo@eagle.west.asu.edu>:
>
> This was sent to me via my families ISP. If you all know of this link
> please ignore...
>
> EBo --
>
> ------------------------------------------------
>
> This message is for anyone who operates an IIS Web Server. Most of
> our customers can ignore this. We're sorry for the broadcast message,
> but it was important to get this information out to those it affects.
>
> The Code Red Worm has been multiplying greatly since yesterday. It
> attacks english-language IIS servers. If you run an IIS server,
> please
> see http://www.eeye.com/html/Research/Advisories/AL20010717.html
> This page contains an analysis of the worm, and instructions for
> protecting your system against it and/or removing it if you've already
> been infected.
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't
> post to the list quickly and you use Netscape to write mail.
>
> PLUG-discuss mailing list - PLUG-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
--
This email has been double rot-13 encoded for your protection.