Re: [Declude.JunkMail] IIS Worm

[Matt]

Knock on wood, we have never had issues with hacks or worms due to our customized install.  I would strongly recommend that everyone use the IIS Lockdown Tool which stops most exploits even if they are unpatched:     http://www.microsoft.com/downloads/details.aspx?FamilyID=dde9efc0-bb30-47eb-9a61-fd755d23cdec&displaylang=en It can be a bit of a hassle installing on a server that hosts clients with scripting of all sorts so you might want to alert customers to look for issues with their links and scripting, but it is great at stopping all sorts of recursion and buffer overruns that almost all such exploits use.  When we get those automated programs that crawl IP's and test for hundreds of vulnerabilities, this tool rejects every last one of the attempts before it actually reaches IIS for processing under our configuration. Matt Dan Patnode wrote: We’ve spent the morning battling a worm.  Here’s the news: Its designed to exploit a vulnerability in Microsoft IIS (we use it for delivery) that is so new it doesn’t yet have a name.  Its not yet in wide circulation, we just push so much mail we’ve seen it already.  MS doesn’t yet know how it works, they have a patch that fixes at least the symptoms but has not yet published it as an official update. Symptoms are the boxes que and caches filling up with one session of inetinfo.exe running overtime (lots of CPU and RAM). Dan -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================