• [^] # Re: Pas facile de trouver des precisions !

    Posté par . En réponse à la dépêche Apres le code rouge...le code bleu. Évalué à 10.

    http://www-1.ibm.com/services/continuity/recover1.nsf/advisories/85(...)

    The Code Blue virus attacks Microsoft IIS servers by attacking a vulnerability
    in the inetinfo service routine. It installs a service "hostc.exe" and can
    slow
    system response and cause a DoS of the IIS Web server. Further the virus can
    drop C:\d.vbs.

    This worm may be more persistent than the Code Red II worm in that it also
    modifies the registry and adds SVC$hostc.exe to
    SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ which causes it to survive
    server reboots

    This is some VERY preliminary information based on a poorly translated entry
    on a Chinese web site.

    Donc à prendre avec des pincettes.