I was hit too, but I have many questions as to how it started and works?
I applied the patch and I can now get into my exchange server OWA.
The thing is, we have 7 web services running on iis5, the default
doesn't have a web page in it, but exchange 2000 runs off of it in a
subdir, thats how we found out we got hit. The thing is, that it
doesn't affect other web sites running on that server, except for the
default so it would appear in our case anyways.
My question is, the patch updates idq.dll. How did this get rid of the
redirection to the www.worms.com <http://www.worms.com> page? I have
scanned the system for virii, and its clean. Are we to assume that it
is no longer sending out requests too? All the web pages are quite
vague on this, other than how it works. It just seems very weird. Most
worms/virii start witha file that infects, but I guess this is one that
is exploited from another server? ANy insight would be much
appreciated.
FWIW, MS should reissue the bulletin regarding this new worm, and how
their previous fix which only tlaks about Index server, can avoid thi
these worms.
-----Original Message-----
From: Jeff Kratka
Sent: Thu 7/19/2001 6:48 PM
To: [EMAIL PROTECTED]
Cc:
Subject: Re: [IMail Forum] IIS 5 - Chinese Worm
The patch does work, it hit my server this AM also. I'm running
IIS5. Works
fine now.
Jeff
******************************************************************
TymeWyse Internet
P.O.Box 84 - 583 N. Main St., Canyonville, OR 97417
tel/fax: (541) 839-6027 - [EMAIL PROTECTED]
******************************************************************
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
winmail.dat
