Author | Topic: WARNING: VIRUS
Sv JAG
posted 09-18- 11:11 AM
There is a bad new virus this morning - seems to affect MS servers, it appends javascript to your actual asp files and causes the user to download a file whenever they hit the page. The Wings with Wires server will be down until there is a patch for this... many other servers are affected. If you have a Windows web server, check your index.asp files... see if they prompt you to download an email.exe file. Better still, shut it down until this is figured out... If you are asked to download unknown files when you visit web sites, make sure you say no! You can also filter out email.exe from your mail client I think... More soon...
------------------
-Sv Wings with Wires
Snickers Pilot
posted 09-18- 12:48 PM
Somehow I anticipated a virus attack about now....
Sv JAG
posted 09-18- 01:07 PM
So far it looks like a continuation of the Code Red worm we had a while back.
Sv JAG
posted 09-18- 04:49 PM
OK, this one is real bad. Looks like it will be a while until Wings with Wires is back on-line... I will probably do a full re-build of the system. It also took out just about all of our corporate systems... this is the worst virus I have seen... but it does seem to be limited - some MS systems appear to be patched in a different way that keeps them safe. If your server is not infected yet, you are probably going to be ok... just look out for emails, it looks like the attachments don't need to be opened to cause damage - it seems that a new version of the rich-text dll is installed via the web if you hit an infected site - and this causes the email attachments to be run upon being read. These are just our first guesses so far... I hope the experts put it all together soon
Psi Pilot
posted 09-18- 07:25 PM
Thanks for the heads up and all the info Sv, I hope you get through things relatively painlessly...
P
Da Jug head Pilot
posted 09-18- 07:32 PM
Must be a hallucination Sv. I mean, after all, according to Bill Gates, Windows web servers are soooo much more secure than Linux or Unix web servers. Just ask Uncle Bill.
[This message has been edited by Da Jug head (edited 09-18-2001).]
Sv JAG
posted 09-18- 07:37 PM
www.cert.org
Looks like it is time to rebuild everything... only way out. However, as shocking as it may seem, it is all my fault anyway. I just must have missed some security patch. It is sad that most of these weaknesses are known before the hackers get to them, and lazy bums like me just slack off and forget to keep up to date with the (boring) security crap...
Werner Molders JAG
posted 09-19- 12:28 AM
I was surfing the net last night when suddenly I was prompted to install flash. I thought huh, that's weird, I already have it but said yes anyways. Then it IMMEDIATELY prompted me to reboot (to change the settings) so I said no. I've rebooted twice since, nothing seems wrong with the computer. Question is, what does this thing do to the clients using infected servers?
Werner
P.S. Saw a note at the uni today saying some worm variant was released within a couple hours of last Tuesday's attacks. I don't know if it's related, (to this or the attacks), but just fyi/fwiw...
------------------
Abbeville Field: Dedicated to the SDOE Experience.
Sv JAG
posted 09-19- 06:30 AM
I wouldn't worry about the flash thing... this virus asks you to download a readme.exe file. If you do get this virus, then you will find many *.eml files on your system.
Vmartini Pilot
posted 09-19- 10:50 AM
my flash vanished as well... probably a harmless virus, or stupid users (glowers at sister)
------------------
vmartini@ntlworld.com
Spanky the Mad Dog Pilot
posted 09-19- 11:08 AM
Yep my flash does that too. And I know it works just fine because a lot of pages with flash start pages work just fine. But then others with some small flash part to the page want me to download it. Messed up.