@Home is being attacked by the Code Red Worm

mikemean
Posts: 8706
Joined: Wed Nov 22, 2000 12:00 am
Location: 406


Post by mikemean »

I just got off the chat line with @Home and they have confirmed that users running Microsoft internet servers that have not been patched are responsible for the constant activity light action on our modems. If you are one of these people, PATCH YOUR DAMN SERVER!

Welcome mikemeanmt ...
Connecting to server. Please wait...
Connected to athchat02.tci.net
https://help.broadband.att.com/index.jsp
Hello! Welcome to AT&T @Home's Online Customer Support Center.
We apologize for the delay and appreciate your patience. A message from a customer care specialist should appear in the chat window shortly.
4. To quickly find answers to questions you may have about your AT&T@Home service, check out our Fast Answers to Questions section above.
5. To view any possible service interruptions in your area and to access other timesaving tools, click on the Service Tools section on the left navigation panel above.
T-Stacy S has joined this session!
T-Stacy S says, Good evening and thank you for contacting AT&T@Home, by AT&T Broadband. My name is Stacy.
T-Stacy S says, I apologize for the inconvenience. We are working on this issue at this time.
T-Stacy S says, Are you using a firewall?
You say, Yes
T-Stacy S says, Can you please forward the logs to shea.stacy@broadband.att.com?
You say, Yes I will. They are up to nearly 200 now. Is this the Code Red Worm?
T-Stacy S says, Yes, it is. There are some users using server based operating systems that haven't patched and that is causing these probes.
You say, ok, that email is shea.stacy@broadband.att.com?
T-Stacy S says, Correct.
You say, ok, I am also getting hits from outside the US. This would still be the worm?
T-Stacy S says, We can't rule it out at this time, but it may be people taking advantage of the red worm. Good reason to have a firewall.
You say, OK, I am running Zone Alarm, so I knew I was safe, I just wanted to find out what was going on. Thanks
T-Stacy S says, You're welcome. Have you sent the email?
You say, Let me do that now for you before I disconnect with you...
T-Stacy S says, Great, thanks.
You say, ok, it's on its way...
T-Stacy S says, Got it. Is there anything else I can assist you with currently?
You say, You got it already??? No this was the only issue...
T-Stacy S says, Yes, thanks for both att.
You say, ok, have a great night.
T-Stacy S says, You're welcome. Have a great evening and thanks for contacting AT&T @home.
The session has en
hoggy

Post by hoggy »

So how and where do you patch your server to get rid of this red worm?
Thx
hog....... :o (
greEd
Posts: 807
Joined: Wed May 09, 2001 12:00 am
Location: Maryland

Post by greEd »

Go here to read the security bulletin.

Go here to download the patch.
"I'm doing a (free) operating system (just a hobby, won't be big and professional...) for AT clones... It's not portable and it probably [won't ever] support anything other than AT hard disks, as that's all I have :-(." --Posted on Usenet August 1991 by Linus Torvalds
http://www.computerglitch.net
curiosity builds security | dd if=/dev/zero of=/dev/hda bs=512 count=100
EOF
Dakota
Posts: 5694
Joined: Tue Oct 03, 2000 12:00 am
Location: Vancouver, Wa

Post by Dakota »

Originally posted by hoggy
So how and where do you patch your server to get rid of this red worm?
Thx
hog....... :o (
Be advised that the patch and the virus only apply to NT and WIN2000 systems.
We Remember...
9|11
40 miles SW of Mt. St. Helens
emixnem
Regular Member
Posts: 381
Joined: Tue Oct 24, 2000 12:00 am

Post by emixnem »

what's NT???
greEd
Posts: 807
Joined: Wed May 09, 2001 12:00 am
Location: Maryland

Post by greEd »

what do you mean?
Cornbread
Senior Member
Posts: 2573
Joined: Mon Dec 25, 2000 12:00 am
Location: United States

Post by Cornbread »

just wondering....

i currently use win98se, but a lot of members to this site use win2k. do they need to patch their systems even though they may not be running a server?

blebs
Posts: 12819
Joined: Sat Dec 02, 2000 12:00 am
Location: North Canton, Ohio

Post by blebs »

The CodeRed Worm affects Microsoft Index Server 2.0 and the Windows 2000 Indexing service on computers running Microsoft Windows NT 4.0 and Windows 2000 that run IIS 4.0 and 5.0 Web servers.

If you're not running a server, I think not, but it wouldn't hurt to keep a close eye on this thing, should it jump tracks and decide to infect all Win 2000 machines.
Cornbread
Senior Member
Posts: 2573
Joined: Mon Dec 25, 2000 12:00 am
Location: United States

Post by Cornbread »

Originally posted by blebs99

If you're not running a server, I think not, but it wouldn't hurt to keep a close eye on this thing, should it jump tracks and decide to infect all Win 2000 machines.
exactly, my opinion is people should install the patch anyway...it couldn't hurt. i am on win98se so no biggie for me, but my modem is going crazy the last 48 hours....makes you wonder.

MrTRiX
Regular Member
Posts: 104
Joined: Fri Jun 29, 2001 2:47 pm
Location: Saskatoon, SK

Post by MrTRiX »

Cornbread, it is busy because the servers that are infected all over the world are looking around the net for computers like themselves. Now yours may not be one, but it does not know that till it checks your port 80, which is the HTTP port. That little ping is nothing, but the fact is these computers don't know you have been checked, so many of them may ping you to see the same thing. This can become a lot. As I am writing this I have been hit 42 times. And another thing is if you notice your connection seems slow, it may not just be you, because these websites you think are going slower could be going slower because they're infected and looking for computers to join up, which wastes a lot of their bandwidth.
I think I've done enough conventions to know how to spell Melllvar.
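The pattern described in the post above (many different infected hosts, each checking port 80 once or twice) can be separated in a firewall log from a single host walking several ports. This is an added example, not code from anyone in the thread; the CSV log layout, the documentation-range addresses, the date and the `max_hits` threshold are all assumptions.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample in a hypothetical CSV layout (not a real product's format):
# action,date,time,src_ip:src_port,dst_ip:dst_port,protocol
SAMPLE_LOG = """\
BLOCK,2001-07-20,21:14:02,198.51.100.7:3312,192.0.2.10:80,TCP
BLOCK,2001-07-20,21:14:40,203.0.113.51:1290,192.0.2.10:80,TCP
BLOCK,2001-07-20,21:15:11,198.51.100.7:3313,192.0.2.10:80,TCP
BLOCK,2001-07-20,21:16:27,203.0.113.99:4410,192.0.2.10:21,TCP
BLOCK,2001-07-20,21:16:27,203.0.113.99:4411,192.0.2.10:23,TCP
BLOCK,2001-07-20,21:16:28,203.0.113.99:4412,192.0.2.10:80,TCP
BLOCK,2001-07-20,21:17:03,198.51.100.200:2077,192.0.2.10:80,TCP
BLOCK,2001-07-20,21:18:45,198.51.100.31:1055,192.0.2.10:137,UDP
ALLOW,2001-07-20,21:19:00,192.0.2.10:1034,198.51.100.80:80,TCP
"""

def summarize_probes(log_text, web_port=80, max_hits=3):
    """Map each blocked TCP source to (label, number_of_attempts)."""
    ports_by_src = defaultdict(list)
    for row in csv.reader(StringIO(log_text)):
        if len(row) != 6 or row[0] != "BLOCK" or row[5] != "TCP":
            continue  # skip allowed traffic, other protocols, short lines
        try:
            src_ip = row[3].rsplit(":", 1)[0]
            dst_port = int(row[4].rsplit(":", 1)[1])
        except (IndexError, ValueError):
            continue  # malformed address field
        ports_by_src[src_ip].append(dst_port)

    report = {}
    for src, ports in ports_by_src.items():
        if set(ports) == {web_port} and len(ports) <= max_hits:
            label = "worm-like"   # a few attempts, web port only
        elif len(set(ports)) > 1:
            label = "port-scan"   # one source trying several ports
        else:
            label = "other"       # e.g. repeated hammering on one port
        report[src] = (label, len(ports))
    return report

def worm_like_sources(report):
    """Sorted list of sources whose pattern matches worm propagation probes."""
    return sorted(s for s, (label, _) in report.items() if label == "worm-like")

if __name__ == "__main__":
    for src, (label, hits) in sorted(summarize_probes(SAMPLE_LOG).items()):
        print(f"{src:16} {label:10} {hits}")
```

A large count of distinct "worm-like" sources with one or two hits each matches automated propagation; a "port-scan" source is worth a separate look.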
hoggy

Post by hoggy »

Well I am running a dual boot system. Win 98 SE and Win 2k. What now? Should I start up in win2k and see about the patch? I am a little uneducated in these things.
Thx,
hog..... :}
blebs
Posts: 12819
Joined: Sat Dec 02, 2000 12:00 am
Location: North Canton, Ohio

Post by blebs »

hoggy: The worm is affecting only those persons running a server, so you do not need to, but it is a small download and no one has had any bad effects from running the patch on Win2000 so I'll let you be the decision maker. It might be a little added insurance. ;)
Juggernaut
Senior Member
Posts: 1645
Joined: Fri Aug 11, 2000 12:00 am
Location: Parts Unknown

Post by Juggernaut »

So is that u'r recommendation to run it even if u'r not running a server? :)

The thing that's surprising me is the amount of people that are actually running these servers considering that @home doesn't allow the use of servers.

Hmmm...maybe this is actually released by @home to catch the people running servers....lol
It can't rain all the time...
blebs
Posts: 12819
Joined: Sat Dec 02, 2000 12:00 am
Location: North Canton, Ohio

Post by blebs »

Actually, no Juggernaut. I figure if a few people have already done it, what's the harm?

I'm wondering about Road Runner since they have some of the areas with the New Business Class Tier Systems. We are one of them that does. How many servers are sitting at a work area right now, spreading the worm or allowing the trojan to enter simply because no one is at work until tomorrow morning?
MrTRiX
Regular Member
Posts: 104
Joined: Fri Jun 29, 2001 2:47 pm
Location: Saskatoon, SK

Post by MrTRiX »

If you don't run IIS there is no point in installing the patch and I don't even know if it will let you install it without IIS.