Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Mailing Lists -> Oracle-L -> re: code red

re: code red

From: Eric D. Pierce <>
Date: Wed, 08 Aug 2001 10:59:55 -0700
Message-ID: <>


don't you loooooooooooooove Uncle Bill's Fine Software?

( , , , , 


If you are on NT/Win2k server, join the WIN-NT list, and look through the recent web archives (see appended message).

You should be able to subscribe to Microsoft security alerts so that you know what patches to apply before this kind of sh*t hapens?

Also, look at

They are the guys the discovered and published the original vulnerability that Code Red exploits.


> From: "Kevin Kostyszyn" <>
> Date: Tue, 7 Aug 2001 10:54:35 -0400
> Subject: Code Red

[via oracle-l digest]

> So does anyone know how to get rid of the virus if you got it?

---begin appended---

Date: Wed, 8 Aug 2001 18:57:15 +0200
Sender: Windows NT/2000 Discussion List <WINNT-L_at_PEACH.EASE.LSOFT.COM>

> I do not know how many of you read security bulletins but .ida and
> .idq vulnerabilities are not new to windows 2000 or IIS. My servers
> have been patched against .ida and .idq vulnerabilities for over a
> year and a half and it boggles me that there are hundreds and
> thousands (178,000 reported infected by CNN) of servers out there
> who have not done a simple thing such as remove the .idq and .ida
> mappings from their webs or who were too lazy to apply a patch that
> takes 5 minutes out of their day.
> This is listed in the IIS security checklist and has been so for a
> long time (approx 16 months +)
> itsolutio
> (url may be wrapped)
> Quite honestly the Indexing Service on Windows 2000 is pretty
> useless and puts an enormous amount of overhead onto servers
> running websites. So .... best fix is to "uninstall" the indexing
> service then you are truly patched and never have to worry when you
> hear the word "Code Red". There are also a lot of other extension
> mappings in IIS that are there by default and should also be
> removed if you are not using them, like .shtml .stm .shtm .idc
> .printer .htr .htw and don't forget .ida and .idq
> If you truly need the index server extensions in your web then so
> be it. But make sure that you are patched and that you periodically
> check that all your patches are installed and working ..... a full
> time job .. yes, but hey ... you wanna run web servers you gotta
> work hard to keep intruders out !! This means you have to install
> "all" microsoft patches relevant to your server. It is also
> suggested to install these within hours of their release .... don't
> wait to do it later cause you'll just forget to do it at all and
> eventually get nailed.
> Just my 10 cents worth :-) ..... Use it .. don't use it ... your choice.
> Regards
> Mitch
> --------------------------------------------------------------------------
> The WINNT-L list is hosted on a Windows NT(TM) machine running L-Soft
> international's LISTSERV(R) software. For subscription/signoff info
> and archives, see .


Please see the official ORACLE-L FAQ:
Author: Eric D. Pierce

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
To REMOVE yourself from this mailing list, send an E-Mail message
to: (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Wed Aug 08 2001 - 12:59:55 CDT

Original text of this message