Web Hosting Talk

Code Red II v.3 Alert. Second Wave Mutated Worm Alert.


Cephren
08-07-2001, 10:48 AM
No remedy?


On ZDNet.com it states:
"At this time there is no tool available to remove the Trojan associated with Code Red II"


Also:

Just when we thought the worst was over, a new Code Red worm was discovered on August 4, 2001. The self-named Code Red II worm carries a dangerous payload and is capable of spreading faster than its predecessor. Instead of spawning only 100 scans of the Internet, Code Red II (w32.CodeRed.C) scans between 300 and 600 sites with each infection. And instead of defacing infected systems' Web sites, Code Red II drops a "virtual root" backdoor Trojan onto the infected system, allowing malicious users remote access to the infected system. Code Red II can be identified in Web server logs by the use of "XXXXXX" as filler characters as opposed to the original "NNNNN."

Kaith Sutai-Rustaz
08-08-2001, 11:57 AM
Remedy = Convert server to a Non-Windows version. Or maybe drop IIS and run Apache on the Winxx system?

RackMy.com
08-08-2001, 12:07 PM
Or even better yet, keep up with your security patches :)

technoart
08-09-2001, 02:24 PM
Apparently the "evil-empire" itself has problems remembering to "keep up with their security patches"... :stickout

"Microsoft Corporation (Nasdaq: MSFT - news) admitted Wednesday that several servers running its MSN Hotmail Web-based e-mail have been infected with a Code Red worm. Over 150 million people use the free Internet service. The company declined to specify whether the virus in question was the original Code Red worm or its more harmful cousin, Code Red II."

http://dailynews.yahoo.com/h/nf/20010809/tc/12679_1.html

Kaith Sutai-Rustaz
08-09-2001, 04:25 PM
LOL. At least the ones still running BSD are safe. :)

B-Broker
08-09-2001, 11:16 PM
I think someone wrote a version of Code Red to attack ***** :laugh:

I (HAD) a server with them (Windows 2000) and it's been hit about 20,000 times by Code Red.

I now have a server with a MUCH more reputable host and NO hits from Code Red...

qslack
08-10-2001, 12:36 AM
I love it how Code Red II attacks computers in its own class C...obviously, the author was very smart. I'll bet that most companies who have Win2k servers share a class C with a lot of other similar servers (for example, a Win2k dedicated hosting company) or host several servers themselves, which means that once just one server gets infected, all of the other ones get hit by Code Red as well in just seconds.

I'm convinced that the authors of Code Red and Code Red II (if they are the same people) are extremely smart people who wanted to demonstrate the flaws in IIS. They did exercise restraint (i.e. they didn't delete the whole hard drive after infecting other hosts - that would be cruel), but they are making even normal people question MS software.

I'm surprised there hasn't been much talk of finding the person who made CR and CR2. When ILOVEYOU was spreading, the news channels focused on the "evil hacker who is destroying the world" instead of the worm itself. This time, however, all focus is on the worm.
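Added example, not part of the thread or any poster's code: a log triage sketch that tells the two variants apart by the filler letter mentioned in the first post ("NNNNN" versus "XXXXXX") and lists probe sources in the server's own /24, the class C behaviour qslack describes. Assumptions: the probes request `/default.ida` (known from public write-ups, not stated in the thread), logs are in Apache common log format, and the 20-character run threshold, the server address `192.0.2.10` and all sample lines are constructed.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Request for an .ida resource whose query string starts with a long run of one
# filler letter. The 20-character threshold is an assumption for this sketch.
PROBE = re.compile(r'^(\S+) .*?"[A-Z]+ [^ ?"]*\.[iI][dD][aA]\?(N{20,}|X{20,})')
VARIANT = {"N": "Code Red", "X": "Code Red II"}

def classify(line):
    """Return (source_ip, variant) for a worm probe, or None for other traffic."""
    m = PROBE.match(line)
    if not m:
        return None
    return m.group(1), VARIANT[m.group(2)[0]]

def summarize(lines, server_ip):
    """Count probes per variant and list probe sources in the server's own /24."""
    local = ip_network(f"{server_ip}/24", strict=False)
    counts, neighbours = Counter(), set()
    for line in lines:
        hit = classify(line)
        if hit is None:
            continue
        src, variant = hit
        counts[variant] += 1
        if ip_address(src) in local:
            neighbours.add(src)
    return counts, sorted(neighbours)

def sample_line(src, path):
    # Constructed log line in Apache common log format (not real traffic).
    return f'{src} - - [08/Aug/2001:10:01:12 -0400] "GET {path} HTTP/1.0" 404 276'

SAMPLE = [
    sample_line("203.0.113.7", "/default.ida?" + "N" * 224 + "=a"),
    sample_line("192.0.2.44", "/default.ida?" + "X" * 224 + "=a"),
    sample_line("192.0.2.91", "/default.ida?" + "X" * 224 + "=a"),
    sample_line("198.51.100.3", "/index.html"),
    sample_line("198.51.100.9", "/search.ida?NN=1"),  # short run: not a probe
]

if __name__ == "__main__":
    counts, neighbours = summarize(SAMPLE, "192.0.2.10")
    print(dict(counts))
    print("probe sources in the same /24:", neighbours)
```

A Code Red II probe in the log only shows that an infected host reached the server; whether the server itself was compromised has to be checked on the host.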