As many of you know by now, since this week, a worldwide virus threat is effective. While many articles have been released about that, many Web sites owners are still waiting for a patch from Microsoft on that security hole. So, during that time, most of them are verifying, and cleaning if applicable, their IIS server configuration and doing related tasks just to assure the ongoing running of their sites.
This has caused a lot of reactions. Basically, so far, it was related to IIS on the server side and on IE on the client side. All the incidents reported seems to be related to IE users only. While reading MS site this morning, it seems that users having Windows XP Service Pack 2 RC2 are not affected by this which may explain why I never saw anything on this side. So, users having the flexibility to use another browser may have switched temporarily until the situation entirely resolved.
As for us, once discovered, we adjusted the footer of each site running on our server so the setup was good again. But, during that time, those who accessed the site with IE may have received reports that some files from UT contained viruses and may have received also some script errors. But, even after it was fixed, some continued to have the problem as many of the files were coming from the cache. So, for most of them, once they cleared the temp files of IE and restarted it, they never get that reaction after and all was ok.
As for the IE cache, this is an important point. We discovered that from snapshots, from several users who sent us what they were seeing on our main page, that many users are not hitting our server at all for several content. For example, some users were having content and images from our main page dated from one month. So, basically, some of them were getting extremely old content as their configuration was set to read everything from the cache. If you think that may concern you, make sure you have at least the default setting of IE which should be pretty good to keep accurate content.
As for those who are all set up with the latest version and patches so as for other related things, if the situation persists, the only thing I could recommend for now is to use a temporary browser. We have discovered that, even if we are fully clean on the server, that some users keep receiving notices that some files contain viruses when it's not the case. For a while, we thought that this was a bad virus signature update received on the client side but that has not been confirmed yet. IAC, for those who like to read and be kept aware of what is going on, here are several links:
http://www.microsoft.com/security/incident/download_ject.mspxhttp://zdnet.com.com/2100-1105_2-5247187.html?tag=zdfd.newsfeedhttp://news.bbc.co.uk/2/hi/technology/3840101.stmhttp://apnews.myway.com/article/20040625/D83E26M00.htmlhttp://techdirt.com/articles/20040624/2316200.shtmlhttp://isc.sans.org/http://isc.sans.org/diary.php?date=2004-06-24
