It looks like someone's used the Code Red backdoor to
install a new worm. The attacks seem to be coming from IIS servers...
Phil
---------------------------------------------
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -----Original Message-----
> From: Great Cthulhu Jones [mailto:[EMAIL PROTECTED]]
> Sent: 18 September 2001 16:11
> To: Exchange Discussions
> Subject: RE: OWA Admins - Heads Up
>
>
> Yeah. It's about that time again.
>
> (:=
> Great Cthulhu Jones
> CEO, R'lyeh Consulting
> http://www.zzzptm.com/cthulhu
> http://www.bad-managers.com
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Chuck Parkey
> Sent: Tuesday, September 18, 2001 10:06 AM
> To: Exchange Discussions
> Subject: OWA Admins - Heads Up
>
>
> Over the last couple of hours the number of probes (Code Red,
> etc.) against
> my web servers has skyrocketed. This has also been reported
> by other people
> on another mail list I am on. Make sure those servers are protected.
>
> --------------
> Chuck Parkey
> Creative Teaching Press
>
> _________________________________________________________________
> List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> Archives: http://www.swynk.com/sitesearch/search.asp
> To unsubscribe: mailto:[EMAIL PROTECTED]
> Exchange List admin: [EMAIL PROTECTED]
>
>
> _________________________________________________________________
> List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> Archives: http://www.swynk.com/sitesearch/search.asp
> To unsubscribe: mailto:[EMAIL PROTECTED]
> Exchange List admin: [EMAIL PROTECTED]
>
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
