> The Code Red v2 worm creates a command line backdoor accessible to 
> anyone with a sockets control, or who can type HTTP commands into a 
> telnet window.
> That backdoor can be then used to install other backdoors. The only 
> safe, acceptable way, to be sure that you have a non-compromised 
> machine is to format, reinstall and restore from known good backup. 
> 


You don't know what else has been put on the server using the V2 exploit,
therefore reformat/rebuild.

In our case we have a "pending" server behind the firewall that is an exact
image of "live".

So if compromised, a ghost of pending over hacked live and 30 min tweaks
and back on air.

cheers

Dean

-----Original Message-----
From: Ray Zorz [mailto:[EMAIL PROTECTED]]
Sent: Saturday, 11 August 2001 1:02 a.m.
To: NT System Admin Issues
Subject: RE: CodeRed.v3 Removal tool



I frankly don't understand how something can be "perpetually hacked".  Code
doesn't just create itself magically.  The fact is apparently no one to date
has been able to figure out the trigger except perhaps the guys that wrote
it to begin with. 

-----Original Message----- 
From: Kevin Miller [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 09, 2001 11:19 PM 
To: NT System Admin Issues 
Subject: RE: CodeRed.v3 Removal tool 


Your server has been hacked; the ONLY way to fix that is a REFORMAT.
Period. No way around that.

Sorry. 

-----Original Message----- 
From: The Realist's Mail [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 09, 2006 7:17 PM 
To: NT System Admin Issues 
Subject: Re: CodeRed.v3 Removal tool 


and we are serious...about security...we are also serious about not 
doing unnecessary work..... 


Jim 
----- Original Message ----- 
From: Ken Schaefer <[EMAIL PROTECTED]> 
To: NT System Admin Issues <[EMAIL PROTECTED]> 
Sent: Thursday, August 09, 2001 9:44 PM 
Subject: Re: CodeRed.v3 Removal tool 


> No there are not. 
> 
> The Code Red v2 worm creates a command line backdoor accessible to 
> anyone with a sockets control, or who can type HTTP commands into a 
> telnet window.
> That backdoor can be then used to install other backdoors. The only 
> safe, acceptable way, to be sure that you have a non-compromised 
> machine is to format, reinstall and restore from known good backup. 
> 
> Anyone who claims otherwise is burying their heads in the sand, the 
> same type of behaviour that got them infected in the first place. 
> Seriously - once you've been infected with this thing (actually it'd 
> probably be the second time), isn't it time to get *serious* about 
> security?!? 
> 
> Cheers 
> Ken 
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
> From: "The Realist's Mail" <[EMAIL PROTECTED]> 
> Subject: Re: CodeRed.v3 Removal tool 
> 
> 
> : there are tools to do this....I will post them at 
> : ftp://ftp.gva.net/codered
> : anonymous 
> : 
> : 
> : Jim Frazier 
> : ----- Original Message ----- 
> : From: Ken Schaefer <[EMAIL PROTECTED]> 
> : To: NT System Admin Issues <[EMAIL PROTECTED]> 
> : Sent: Wednesday, August 08, 2001 9:54 PM 
> : Subject: Re: CodeRed.v3 Removal tool 
> : 
> : 
> : > Format, reinstall, restore from known good backup. 
> : > 
> : > Cheers 
> : > Ken 
> : > 
> : > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
> : > From: "Shlomi Lachmish" <[EMAIL PROTECTED]> 
> : > Subject: CodeRed.v3 Removal tool 
> : > 
> : > 
> : > : Hi Guys, 
> : > : 
> : > : We are looking for a removal tool for the backdoors that 
> : > : the CodeRed.v3 virus leaves (files and registry entries). 
> : > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
> 
> 
> 
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> 
> 




***************************************************
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***************************************************
