Code Red Worm advisory

Matt Alexander plug-discuss@lists.PLUG.phoenix.az.us
Fri, 20 Jul 2001 20:43:43 -0700 (PDT)


If you've got an Apache server running, you can do either of these and chuckle 
to yourself:

Redirect /default.ida http://www.microsoft.com/

or

Redirect /default.ida http://127.0.0.1


I don't know if this exploit actually honors HTTP redirects (probably not), 
however.
~M


Quoting "John (EBo) David" <ebo@eagle.west.asu.edu>:

> 
> This was sent to me via my family's ISP.  If you all know of this link
> please ignore...
> 
>   EBo --
> 
> ------------------------------------------------
> 
> This message is for anyone who operates an IIS Web Server.   Most of
> our customers can ignore this.  We're sorry for the broadcast message,
> but it was important to get this information out to those it affects.
> 
> The Code Red Worm has been multiplying greatly since yesterday.  It
> attacks English-language IIS servers.  If you run an IIS server, please
> see http://www.eeye.com/html/Research/Advisories/AL20010717.html
> This page contains an analysis of the worm, and instructions for
> protecting your system against it and/or removing it if you've already
> been infected.



--
This email has been double rot-13 encoded for your protection.
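
Added example (not part of the original post or of any project mentioned in it): a log check to go with the Redirect lines above, counting requests for /default.ida per source address in an Apache access log and the status codes Apache answered with. The log lines, addresses and query strings are constructed samples, and the function names are hypothetical. It matches the path case-insensitively because Apache's Redirect is case-sensitive, so a differently cased request would be logged as 404 rather than 302.

```python
import re
from collections import Counter

# Apache common/combined log format: host ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) \S+'
)

# Constructed sample lines: documentation addresses, placeholder query strings.
SAMPLE_LOG = """\
192.0.2.10 - - [20/Jul/2001:19:02:11 -0700] "GET /default.ida?XXXXXXXXXXXXXXXX HTTP/1.0" 302 215
198.51.100.7 - - [20/Jul/2001:19:02:40 -0700] "GET /default.ida?XXXXXXXXXXXXXXXX HTTP/1.0" 302 215
192.0.2.10 - - [20/Jul/2001:19:05:03 -0700] "GET /default.ida?XXXXXXXXXXXXXXXX HTTP/1.0" 302 215
203.0.113.5 - - [20/Jul/2001:19:06:17 -0700] "GET /Default.IDA?XXXXXXXX HTTP/1.0" 404 287
203.0.113.9 - - [20/Jul/2001:19:07:00 -0700] "GET /index.html HTTP/1.0" 200 1043
203.0.113.9 - - [20/Jul/2001:19:07:30 -0700] "-" 408 -
"""


def ida_probes(lines, path="/default.ida"):
    """Yield (host, status) for each request whose path equals `path`, ignoring case."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed entry or no parsable request line
        req_path = m.group("target").split("?", 1)[0]  # drop the query string
        if req_path.lower() == path:
            yield m.group("host"), int(m.group("status"))


def summarize(lines):
    """Return (hits per source host, hits per HTTP status) for /default.ida requests."""
    per_host, per_status = Counter(), Counter()
    for host, status in ida_probes(lines):
        per_host[host] += 1
        per_status[status] += 1
    return per_host, per_status


if __name__ == "__main__":
    hosts, statuses = summarize(SAMPLE_LOG.splitlines())
    for host, count in hosts.most_common():
        print(f"{host}\t{count}")
    print("statuses:", dict(statuses))
```

To run it on a real log, pass the open file object to summarize() in place of the sample lines.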