Title: IIS Worm
We’ve spent the morning battling a worm. Here’s the news:
Its designed to exploit a vulnerability in Microsoft IIS (we use it for delivery) that is so new it doesn’t yet have a name. Its not yet in wide circulation, we just push so much mail we’ve seen it already. MS doesn’t yet know how it works, they have a patch that fixes at least the symptoms but has not yet published it as an official update.
Symptoms are the boxes que and caches filling up with one session of inetinfo.exe running overtime (lots of CPU and RAM).
Dan
- [Declude.JunkMail] OT: MS Security Bulletin MS04-011: IIS/SSL ... Dan Geiser
- Re: [Declude.JunkMail] IIS Worm Dan Patnode
- Re: [Declude.JunkMail] IIS Worm Matt
- Re: [Declude.JunkMail] IIS Worm Dan Patnode
