SystemPro News - 2001-09-19
as you know, Adiscon's SystemPro News is published only occasionally when we
think there are really important things. Unfortunately, we have such an issue
right now. You might already have heard about a new virus outbreak, the
This worm / virus hybrid is dangerous because it uses multiple methods to
propagate. One of it is the ability to infect a user's PC by simply browsing to
a web page. This is true for of unpatched Internet Explorer 5 in default
settings. If you run that configuration, you are in high risk. Please note that
the "Nimda" worm also tries to infect home pages of unpatched IIS
systems. To do so, it uses the same vulnerabilities "Code Red" does.
We already have seen a number of infected web pages in the wild.
Please note: even if you run only INTERNAL IIS web servers on your INTRANET,
you need to protect them against these vulnerabilities. Otherwise, you could
easily spread the new virus inside your organization!
Furthermore, our testing has revealed that the browser vulnerability can
easily be used to do other malicious things. In fact, it is so easy that we
expect a large number of maliceous web sites to follow that scheme soon.
As a quick measure, you can change your Internet zone security settings to
"high". As to the best of our knowledge, this currently prevents this
virus from spreading. You might, however, experience problems when viewing web
pages because this will disable scripting.
We strongly urge all users to apply the latest Microsoft patches to their
systems. Please note that this is equally important to corporate AND home users
alike. Especialy home machines with DSL connections are primary targets for IIS
Please see this Microsoft advisory on how to handle the current
"Nimda" worm. Again, installing the patches will not only secure you
from "Nimda" but also the expected upcoming variants.
This is one long URL!
Additional information on the related "Code Red" virus and how to
remove it is also available at our web site at
We at Adiscon would like to thank all our readers for reading WebProNews. We
hope you find this information useful. Be sure to check
http://www.windows-expert.net for more great information.
Invite your friends to subscribe to Adiscon SystemPro News provided