Nimda Worm
Last updated: 5/22/03

The Dux Computer Digest web site is on a UNIX server and is not vulnerable to this worm or other Code Red variants.

MS Security bulletin - Code Red Worm

The following is a Security Bulletin from the Microsoft Product Security

Notification Service.

Please do not reply to this message, as it was sent from an unattended

mailbox.

********************************

The Microsoft Security Response Center, along with other

organizations listed below, is jointly publishing this alert that

ALL IIS ADMINISTRATORS ARE ASKED TO READ

A Very Real and Present Threat to the Internet:

July 31 [2001] Deadline For Action

Summary:

The Code Red Worm and mutations of the worm pose a

continued and serious threat to Internet users. Immediate action

is required to combat this threat. Users who have deployed

software that is vulnerable to the worm (Microsoft IIS

Versions 4.0 and 5.0) must install, if they have not done so

already, a vital security patch.

How Big Is The Problem?

On July 19, the Code Red worm infected more than 250,000 systems

in just 9 hours. The worm scans the Internet, identifies

vulnerable systems, and infects these systems by installing

itself. Each newly installed worm joins all the others causing

the rate of scanning to grow rapidly. This uncontrolled growth

in scanning directly decreases the speed of the Internet and

can cause sporadic but widespread outages among all types of

systems. Code Red is likely to start spreading again on

July 31st, 2001 8:00 PM EDT and has mutated so that it may be

even more dangerous. This spread has the potential to disrupt

business and personal use of the Internet for applications such

as electronic commerce, email and entertainment.

Who Must Act?

Every organization or person who has Windows NT or Windows 2000

systems AND the IIS web server software may be vulnerable.

IIS is installed automatically for many applications. If you

are not certain, follow the instructions attached to determine

whether you are running IIS 4.0 or 5.0. If you are using

Windows 95, Windows 98, or Windows Me, there is no action that

you need to take in response to this alert.

What To Do If You Are Vulnerable?

a. To rid your machine of the current worm, reboot your computer.

b. To protect your system from re-infection:

Install Microsoft's patch for the Code Red vulnerability problem:

- - Windows NT version 4.0:

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30833

- - Windows 2000 Professional, Server and Advanced Server:

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30800

Step-by-step instructions for these actions are posted at

http://www.microsoft.com/technet/treeview/default.asp?

url=/technet/itsolutions/security/topics/codeptch.asp

Microsoft's description of the patch and its installation,

and the vulnerability it addresses is posted at:

http://www.microsoft.com/technet/treeview/default.asp?

url=/technet/security/bulletin/MS01-033.asp

Because of the importance of this threat, this alert is

being made jointly by:

Microsoft

The National Infrastructure Protection Center

Federal Computer Incident Response Center (FedCIRC)

Information Technology Association of America (ITAA)

CERT Coordination Center

SANS Institute

Internet Security Systems

Internet Security Alliance

-*******************************************************************

For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site at http://www.microsoft.com/security.