Hi Tony,
I did all the necessary steps...still got the virus...
Thanks, andyb
[EMAIL PROTECTED]
Wednesday, September 26, 2001, 12:51:03 PM, you wrote:
TGSA> 'A constructive addition to this thread'
TGSA> Just because you patch your servers, doesn't mean you aren't open to Nimda.
TGSA> Remember it spreads in many more ways than code red, it is NOT just an IIS
TGSA> hole.
TGSA> - If your server had remnants of code red II, even if you've patched, the
TGSA> patches didn't fix the code red II damage, you are open to attack.
TGSA> - If one of your workstations either received an email with the readme.exe
TGSA> or browsed a web page (or someone on the server itself) of an infected
TGSA> server, you are open to attack.
TGSA> - If you have open file shares to the server for maintenance from a
TGSA> workstation, and your workstation gets it, your server is open to attack.
TGSA> Luckily, we have not been hampered by Nimda (besides an increase in
TGSA> traffic). But this is only because when the first Code Red started going
TGSA> around, I went end to end in our network making sure security was tightened,
TGSA> patches were installed, AV was up to date on each and every workstation. I
TGSA> like many was way out of date on a lot of our machines.
TGSA> I have a customer who I worked with to get Code Red off of their server.
TGSA> Applied all of the patches, and coached her on keeping up on patches and AV.
TGSA> Two weeks ago they added a workstation to the network, never put AV on it,
TGSA> it got an infection via email, and it spread to half of their network that
TGSA> hadn't had it's virus defs updated after Sep 18th (the day that virus defs
TGSA> were published by most everyone for Nimda).
TGSA> Is Microsoft just that lousy? I think it has tons of room for improvement,
TGSA> but I think it is also being targeted mainly because of "Virus Marketing" -
TGSA> what can I write a virus for that will reach the largest demographic? Both
TGSA> sides can be argued very well, but as administrators we have the choice to
TGSA> either migrate our entire networks to other OS's (which might be a target
TGSA> later down the road), or take on the extra responsibility to keep on top of
TGSA> the OS's we have, down to the stupid workstation that sits in the corner.
TGSA> My $0.02 :-)
TGSA> Tony Gray
TGSA> Intouch Communications, Inc.
>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED]]On Behalf Of
>> andyb@thumpernet
>> Sent: Wednesday, September 26, 2001 10:17 AM
>> To: [EMAIL PROTECTED]
>> Subject: Re[2]: [IMail Forum] OT: IIS
>>
>>
>> My web server *was* patched and it got the virus *anyway*. Same thing
>> for another web server admin near here.
>>
>> Thanks, andyb
>> [EMAIL PROTECTED]
>>
>> Tuesday, September 25, 2001, 4:45:43 PM, you wrote:
>>
>> JT> Even better, cheaper, faster. Keep up to date with patches and Service
>> JT> Packs. Like I said earlier, the patch that would keep Nimba at bay was
>> JT> posted on Microsoft's website in October of 2000.
>>
>> JT> John Tolmachoff, Network Engineer
>>
>> JT> 211 E. Imperial Hwy., Suite 106
>> JT> Fullerton, CA� 92835
>> JT> 714-578-7999, ext. 104
>> JT> [EMAIL PROTECTED]
>> JT> www.reliancesoft.com
>> JT> �
>>
>>
>> JT> -----Original Message-----
>> JT> From: [EMAIL PROTECTED]
>> JT> [mailto:[EMAIL PROTECTED]] On Behalf Of Bill Beach
>> JT> Sent: Tuesday, September 25, 2001 6:20 AM
>> JT> To: [EMAIL PROTECTED]
>> JT> Subject: [IMail Forum] OT: IIS
>>
>> JT> For all of you IIS Admins out there:
>>
>> JT> "Gartner recommends that enterprises hit by both Code Red and Nimda
>> JT> immediately investigate alternatives to IIS, including moving Web
>> JT> applications to Web server software from other vendors, such
>> as iPlanet
>> JT> and
>> JT> Apache," explains Gartner's John Pescatore.
>>
>> JT> Complete article:
>> JT> http://www.theregister.co.uk/content/4/21853.html
>>
>> JT> -Bill
>>
>>
>> JT> Please visit http://www.ipswitch.com/support/mailing-lists.html
>> JT> to be removed from this list.
>>
>> JT> An Archive of this list is available at:
>> JT> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>>
>>
>> JT> Please visit http://www.ipswitch.com/support/mailing-lists.html
>> JT> to be removed from this list.
>>
>> JT> An Archive of this list is available at:
>> JT> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>>
>>
>> Please visit http://www.ipswitch.com/support/mailing-lists.html
>> to be removed from this list.
>>
>> An Archive of this list is available at:
>> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>>
TGSA> Please visit http://www.ipswitch.com/support/mailing-lists.html
TGSA> to be removed from this list.
TGSA> An Archive of this list is available at:
TGSA> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
