Solution to the CodeRed mess.

Someone should develop a CodeRed.kill that simply puts the existing infected CodeRed servers (and that's really all these machines are good for at this point... serving CodeRed to other machines) out of their misery. Disable those boxes. It's obvious that there isn't any competent sysadmin looking over these machines, so rather than let them continue to flood the Internet with their attacks, take them out.

Here's how it could be done: create a CodeRed variant that, once installed on a host, attempts to infect other servers with itself for a period of, let's say, 1 week. It should first check the server to make sure it's an IIS box (as all of the CodeRed strains should have done -- attacking an Apache server is silly), and it should avoid infecting machines that already have CodeRed.kill installed.

After the week of propagation, it would set the IIS service to a manual start status and reboot the machine. Correcting this problem is fairly simple-- an admin can re-enable the IIS service. For other users who may not even have realized they were running IIS, it won't really matter to them anyway if it isn't running.


This article was published on August 27, 2001 3:24 PM.
