You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by David Domenico <dd...@amano.com> on 2001/08/02 17:29:50 UTC
Code Red Worm virus
I am running Tomcat 3.2.1 standalone for development purposes, as a web
server using port 80. Yesterday I noticed the message, see below, on my
Tomcat console window. This is identified as the "Code Red" virus as noted
in the http://www.cert.org/advisories/CA-2001-19.html. The advisory states
that the system may not have been compromised, but I am still concerned.
I notified our network administrator and he applied the neccessary patchs
from MS. However I am not running IIS. Does anyone know of a problem with
Tomcat and the code red virus? I will download the latest release build,
Tomcat 3.2.3. and install it.
Full GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNN
NNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7
801%
u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0
Content-type: text/xmlHOST:www.worm.com Accept: */*
regards,
David Domenico
Software Engineer
"We should take care not to make the intellect our god; it has, of course,
powerful muscles, but no personality." - Albert Einstein
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
MIS@Amano.com
This footnote also confirms that this email message has been swept
for the presence of computer viruses.
**********************************************************************
RE: Code Red Worm virus
Posted by Loïc Lefèvre <ll...@fivia.com>.
look at:
http://securityfocus.com/ and search for it ;)
-----Message d'origine-----
De : Brandon Cruz [mailto:bcruz@norvax.com]
Envoyé : jeudi 2 août 2001 18:09
À : tomcat-user@jakarta.apache.org
Objet : RE: Code Red Worm virus
We are using tomcat-apache and have also seen this message. I don't know
what causes that either. I saw it about a month ago.
Brandon Cruz
-----Original Message-----
From: G.Nagarajan [mailto:gnagarajan@dkf.de]
Sent: Thursday, August 02, 2001 10:57 AM
To: tomcat-user@jakarta.apache.org
Subject: RE: Code Red Worm virus
I think it attacks only IIS web servers.
-----Original Message-----
From: David Domenico [mailto:ddomenico@amano.com]
Sent: Thursday, August 02, 2001 5:30 PM
To: tomcat-user@jakarta.apache.org
Subject: Code Red Worm virus
I am running Tomcat 3.2.1 standalone for development purposes, as a web
server using port 80. Yesterday I noticed the message, see below, on my
Tomcat console window. This is identified as the "Code Red" virus as noted
in the http://www.cert.org/advisories/CA-2001-19.html. The advisory states
that the system may not have been compromised, but I am still concerned.
I notified our network administrator and he applied the neccessary patchs
from MS. However I am not running IIS. Does anyone know of a problem with
Tomcat and the code red virus? I will download the latest release build,
Tomcat 3.2.3. and install it.
Full GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNN
NNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7
801%
u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0
Content-type: text/xmlHOST:www.worm.com Accept: */*
regards,
David Domenico
Software Engineer
"We should take care not to make the intellect our god; it has, of course,
powerful muscles, but no personality." - Albert Einstein
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
MIS@Amano.com
This footnote also confirms that this email message has been swept
for the presence of computer viruses.
**********************************************************************
RE: Code Red Worm virus
Posted by Brandon Cruz <bc...@norvax.com>.
We are using tomcat-apache and have also seen this message. I don't know
what causes that either. I saw it about a month ago.
Brandon Cruz
-----Original Message-----
From: G.Nagarajan [mailto:gnagarajan@dkf.de]
Sent: Thursday, August 02, 2001 10:57 AM
To: tomcat-user@jakarta.apache.org
Subject: RE: Code Red Worm virus
I think it attacks only IIS web servers.
-----Original Message-----
From: David Domenico [mailto:ddomenico@amano.com]
Sent: Thursday, August 02, 2001 5:30 PM
To: tomcat-user@jakarta.apache.org
Subject: Code Red Worm virus
I am running Tomcat 3.2.1 standalone for development purposes, as a web
server using port 80. Yesterday I noticed the message, see below, on my
Tomcat console window. This is identified as the "Code Red" virus as noted
in the http://www.cert.org/advisories/CA-2001-19.html. The advisory states
that the system may not have been compromised, but I am still concerned.
I notified our network administrator and he applied the neccessary patchs
from MS. However I am not running IIS. Does anyone know of a problem with
Tomcat and the code red virus? I will download the latest release build,
Tomcat 3.2.3. and install it.
Full GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNN
NNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7
801%
u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0
Content-type: text/xmlHOST:www.worm.com Accept: */*
regards,
David Domenico
Software Engineer
"We should take care not to make the intellect our god; it has, of course,
powerful muscles, but no personality." - Albert Einstein
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
MIS@Amano.com
This footnote also confirms that this email message has been swept
for the presence of computer viruses.
**********************************************************************
RE: Code Red Worm virus
Posted by "G.Nagarajan" <gn...@dkf.de>.
I think it attacks only IIS web servers.
-----Original Message-----
From: David Domenico [mailto:ddomenico@amano.com]
Sent: Thursday, August 02, 2001 5:30 PM
To: tomcat-user@jakarta.apache.org
Subject: Code Red Worm virus
I am running Tomcat 3.2.1 standalone for development purposes, as a web
server using port 80. Yesterday I noticed the message, see below, on my
Tomcat console window. This is identified as the "Code Red" virus as noted
in the http://www.cert.org/advisories/CA-2001-19.html. The advisory states
that the system may not have been compromised, but I am still concerned.
I notified our network administrator and he applied the neccessary patchs
from MS. However I am not running IIS. Does anyone know of a problem with
Tomcat and the code red virus? I will download the latest release build,
Tomcat 3.2.3. and install it.
Full GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNN
NNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7
801%
u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0
Content-type: text/xmlHOST:www.worm.com Accept: */*
regards,
David Domenico
Software Engineer
"We should take care not to make the intellect our god; it has, of course,
powerful muscles, but no personality." - Albert Einstein
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
MIS@Amano.com
This footnote also confirms that this email message has been swept
for the presence of computer viruses.
**********************************************************************
Re: Code Red Worm virus
Posted by Endre Stølsvik <En...@Stolsvik.com>.
On Thu, 2 Aug 2001, David Domenico wrote:
| I am running Tomcat 3.2.1 standalone for development purposes, as a web
| server using port 80. Yesterday I noticed the message, see below, on my
| Tomcat console window. This is identified as the "Code Red" virus as noted
| in the http://www.cert.org/advisories/CA-2001-19.html. The advisory states
| that the system may not have been compromised, but I am still concerned.
|
| I notified our network administrator and he applied the neccessary patchs
| from MS. However I am not running IIS. Does anyone know of a problem with
| Tomcat and the code red virus? I will download the latest release build,
| Tomcat 3.2.3. and install it.
It's a "binary virus", affects ONLY IIS. All binary viruses works like
this, they are highly targeted towars one specific platform. Java is a
totally different platform, and won't get affected by IIS' i386 "binary
viruses"..
--
Mvh,
Endre