>>>From
http://vil.mcafee.com/dispVirus.asp?virus_k=99142>>>
>>>This threat only affects Microsoft XP/2000/NT running web servers
>>>
>>>Your environment is at HIGH RISK if:
>>>
>>>1) You have Microsoft Index Server 2.0, or Indexing Service installed with Windows 2000/XP.
>>>
>>>2) You have NOT updated these components with the latest patch from Microsoft.
>>
>>The default install of IIS does not install Index Server. If we do not have it, do you know if there are other mecanisms the virus may use to get installed?
>
>
>I don't know. Here's what Symantec says:
>
>The CodeRed Worm affects Microsoft Index Server 2.0 and the Windows 2000 Indexing service on computers running Microsoft Windows NT 4.0 and Windows 2000 that run IIS 4.0 and 5.0 Web servers. The worm uses a known buffer overflow vulnerability contained in the file Idq.dll. Information about this vulnerability and a Microsoft patch is located at:
>
>
http://www.microsoft.com/technet/security/bulletin/MS01-033.asp>
>System administrators are encouraged to apply the Microsoft patch to prevent infection from this worm and other unauthorized access.
So, it seems that Microsoft Index Server 2.0 or Windows 2000 Indexing service should be installed in order to be eligible for such virus. If they are not running, we are ok.
Thanks for your help