Code Red: the Aftermath
LiquidPC writes: "Microsoft has released a tool to help clean up the effects of Code Red II. It removes the files and mappings installed by the worm, and reboots your system; it also gives you an option to permanently disable IIS." So, Microsoft has given you a mop to clean up the mess they made. Start mopping! If you're not the one infected, but are just tired of seeing your Apache logs fill up, you might see this page.
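The Apache logs mentioned above fill up because every infected IIS host sweeps the address space with the same probe. As an added example (not code from the original story or from any commenter), here is a small Python classifier that picks Code Red and Code Red II probes out of Apache access-log lines. It assumes the standard common/combined log format and relies on the worms' well-known request shape, `GET /default.ida?` followed by a long run of `N` (Code Red) or `X` (Code Red II) and then `%u`-encoded payload; the log lines and the shortened `%u` tail are constructed samples, not captured traffic.

```python
"""Classify Apache access-log lines as Code Red / Code Red II probes.

Added example for this page, not code from the original post.  Both worms
hit the IIS Index Server ISAPI filter (.ida) with an overlong GET request:
Code Red pads the query with 'N', Code Red II pads it with 'X', and both
follow the padding with %u-encoded shellcode.  Sample log lines below are
constructed; the %u tail is a shortened stand-in, not the real payload.
"""
import re
from collections import Counter

# Apache common/combined format: host ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: (?P<proto>[^"]+))?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# The worm signature: /default.ida? followed by a long run of the filler byte.
# Code Red (v1/v2) uses 'N'; Code Red II uses 'X'.  A threshold of 50 keeps
# ordinary (short) requests for a .ida handler out of the worm buckets.
CODE_RED_RE = re.compile(r'^/default\.ida\?(?P<pad>N{50,}|X{50,})')

# Constructed sample probes (assumed shapes; the %u tail is abbreviated).
PAYLOAD_TAIL = "%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00=a"
CODE_RED_PROBE = "/default.ida?" + "N" * 224 + PAYLOAD_TAIL
CODE_RED_II_PROBE = "/default.ida?" + "X" * 224 + PAYLOAD_TAIL

SAMPLE_LOG = [
    '10.0.0.5 - - [04/Aug/2001:12:00:01 +0000] "GET ' + CODE_RED_PROBE
    + ' HTTP/1.0" 404 275 "-" "-"',
    '10.0.0.9 - - [04/Aug/2001:12:00:07 +0000] "GET ' + CODE_RED_II_PROBE
    + ' HTTP/1.0" 404 275 "-" "-"',
    '192.0.2.7 - - [04/Aug/2001:12:00:09 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/4.0"',
    '10.0.0.9 - - [04/Aug/2001:12:00:11 +0000] "GET /default.ida HTTP/1.0" 404 275 "-" "-"',
]


def parse_line(line):
    """Split one access-log line into its fields, or return None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(line):
    """Return 'codered', 'codered2', 'other-ida', or None for one log line."""
    rec = parse_line(line)
    if rec is None:
        return None
    path = rec["path"]
    m = CODE_RED_RE.match(path)
    if m:
        return "codered2" if m.group("pad")[0] == "X" else "codered"
    # A .ida request without the worm padding is still worth a look.
    if path.lower().startswith("/default.ida"):
        return "other-ida"
    return None


def summarize(lines):
    """Count probe variants and the source hosts that sent them."""
    variants = Counter()
    hosts = Counter()
    for line in lines:
        kind = classify(line)
        if kind:
            variants[kind] += 1
            hosts[parse_line(line)["host"]] += 1
    return variants, hosts


if __name__ == "__main__":
    variants, hosts = summarize(SAMPLE_LOG)
    print("variants:", dict(variants))
    print("sources: ", dict(hosts))
```

Run it against a real log with `summarize(open("access_log"))`; the per-host counts are the list of still-infected neighbours that the comments below complain about, and they make a better basis for an abuse report than a raw grep.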
All of the Code Red worms, like it or not, have a good effect to the same degree that they are bad or annoying. What does not kill us makes us stronger (or kills IIS, which I wouldn't mind a bit). The interesting thing about the whole Code Red phenomenon is that it appears to be the first worm/virus to exploit not only a flaw in software, but a flaw in the character of the IIS server admin. Brilliant experiment in the area of a socially engineered worm. I have my doubts that they had envisioned it in this way when they created the worm, however. I believe that a new breed of virus or worm has been born, and now the door has been opened for worms that prey on the laziness and ignorance of unqualified or unreliable server operators. While others have done this in the past, these are different in that they don't pose a threat specifically to one machine's hardware or files, but rather to the net as a whole. Just look at the numbers of machines still infected. IIS ops are either entirely uninformed, or just have the "I'll just reboot, I don't have time to install the patch" mentality.
I am sure the dickwads over at Microsoft have spun this into a "Money Making Opportunity" for their "Open Source is UnAmerican and Unsafe" server marketing campaign. I can just hear it now... "With the new Advanced Server Ver. 666, you won't get hacked by that nasty Code Red back door we left open for you. We fixed it!" (thereby adding 3 more new ones) haha.
Well you know, different results from identical inputs. I would guess that most installations of IIS, intentional or otherwise, have nothing to do with Add/Remove Programs.
Fortunately, I'm using Linux, but what if I were a Windows user with some files open? Clicking that link (I'm only asking for a warning, please) would make me lose some precious work.
Micheal, please add a warning about what that link actually does; my machine was just tested while I didn't even know up front what was going to happen. Yes, I know, if I were infected, I'd be unhappy too, but please show some understanding.
Bizarre technology?
Is Code Red over? I'm still seeing as many hits as I ever did...
OK, who can write a Perl CGI script that will, on connection from an infected host, send the appropriate commands to root.exe, download the tool, and run it?
For extra credit: reboot twice, as Micro$oft recommends.
For a straight A: fix the problem forever by replacing NT with Linux...
You're a moron. Windows NT/2000 has some very serious design flaws with regard to operating system security. That is the source of their security woes. Don't the countless "root" exploits that exist for NT demonstrate that to you at all?
If you truly are an NT server admin, then I pity you. While you spend half your day researching and applying patches to your servers, BSD and Linux admins get to play around with the really fun stuff.