| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: Microsoft IIS
We were hit by it ...... its a pain.
-----Original Message-----
Sent: Monday, July 23, 2001 11:47 AM
To: Multiple recipients of list ORACLE-L
Someone, I don't remember who, posted a question a week of so ago about
connecting to Oracle IAS via IIS instead of the provided Apache server
because
there damagement was afraid about being hacked. Well, pass the following
along
to damagement & ask them again what they want to do:
The "Code Red" worm ripped through Internet servers like no other previously unleashed piece of malicious code. "We are witnessing Internet history," says Chris Rouland, director of Internet Security Systems X-Force, which tracks Internet vulnerabilities. Based on reports, Code Red has infected over 225,000 servers.
The worm enters the targeted server through port 80. If the host is running Microsoft IIS, the worm executes a malformed HTTP "get" request to try to run a buffer overflow against the Microsoft IIS Indexing Service dynamic-link library. Once the worm successfully exploits the target, it starts searching for new servers to infect, and the compromised Web site is defaced.
Code Red's ultimate target was Whithouse.gov. The worm was set to attack the White House Web site July 20 by unleashing a torrent of traffic at the site. According to Rouland, the White House managed to avoid the attack by switching the site's IP address. He says the author of Code Red made a critical design flaw by hard-coding the White House's IP address. "That won't happen next time," he warns.
When the ILoveYou virus struck last year, many copycats struck in the following weeks. "I wouldn't be surprised to see many, many copy cats of this worm," he says. In fact, reports started surfacing Friday afternoon on security mailing list Bugtraq that several versions may already be loose.
An explanation of, and patch for, the IIS buffer overflow
vulnerability is available at
http://update.informationweek.com/cgi-bin4/flo?y=eD2T0BdFGA0V20QKW0AK
Has this one bit you? Tell other IT folks what you're doing to
combat the problem in the Listening Post
http://update.informationweek.com/cgi-bin4/flo?y=eD2T0BdFGA0V20Nmm0AD
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author:
INET: dgoulet_at_vicr.com
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists --------------------------------------------------------------------To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists --------------------------------------------------------------------To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Received on Mon Jul 23 2001 - 10:49:13 CDT
 |
 |