>>From http://vil.mcafee.com/dispVirus.asp?virus_k=99142
>>
>>This threat only affects Microsoft XP/2000/NT running web servers
>>
>>Your environment is at HIGH RISK if:
>>
>>1) You have Microsoft Index Server 2.0, or Indexing Service installed with Windows 2000/XP.
>>
>>2) You have NOT updated these components with the latest patch from Microsoft.
>
>The default install of IIS does not install Index Server. If we do not have it, do you know if there are other mechanisms the virus may use to get installed?
I don't know. Here's what Symantec says:
The CodeRed Worm affects Microsoft Index Server 2.0 and the Windows 2000 Indexing service on computers running Microsoft Windows NT 4.0 and Windows 2000 that run IIS 4.0 and 5.0 Web servers. The worm uses a known buffer overflow vulnerability contained in the file Idq.dll. Information about this vulnerability and a Microsoft patch is located at:
http://www.microsoft.com/technet/security/bulletin/MS01-033.asp
System administrators are encouraged to apply the Microsoft patch to prevent infection from this worm and other unauthorized access.
Craig Berntson
MCSD, Microsoft .Net MVP, Grape City Community Influencer