At 10:17 AM 9/26/01 -0400, andyb@thumpernet wrote:
>My web server *was* patched and it got the virus *anyway*. Same thing
>for another web server admin near here.
To back this up, we had 18 NT boxes online last week
when it hit (19 now) and three of them were hit.
Our patches were up to date running through August 15 or
17th. (Forget the exact date)
Interestingly enough, we applied some later fixes available
through a number of sources on Wednesday and Thursday. We
had another server hit Sunday in spite of this.
What I find curious is that even though our .html files
were modified and I KNOW we were infected, the clean nimda
utility from Symantec said we didn't have it. Go figure.
I've had some sys admins I know insist left and right there
was no way we could have been infected if we were patched,
but we were. A few people I know suggested we had the code
red worm when that hit and that left open a back door.
But one of the servers that was hit only went online the
last week of August and had the latest service pack and
all patches. The system was also clean when I did a check
for code red.
Sharon Tucci
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
