here's an email i got forwarded to me this morning - i thought i'd pass it along to any of you who may not have received anything similar............

-----Original Message-----
From: The SANS Institute []
Sent: Sunday, July 29, 2001 4:42 PM
To: XXXXXXXXXXXX
Subject: SANS Security Alert. Code Red Is Set to Come Storming Back!

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SANS Security Alert. Code Red Is Set to Come Storming Back!

SANS, Microsoft, the NIPC, CERT/CC and four other leading security
organizations released the following alert today (Sunday, January 29)
at 4 pm. EDT.

A Very Real and Present Threat to the Internet: July 31 Deadline
For Action

Summary: The Code Red Worm and mutations of the worm pose a continued
and serious threat to Internet users. Immediate action is required
to combat this threat. Users who have deployed software that is
vulnerable to the worm (Microsoft IIS Versions 4.0 and 5.0) must
install, if they have not done so already, a vital security patch.

How Big Is The Problem? On July 19, the Code Red worm infected more
than 250,000 systems in just 9 hours. The worm scans the Internet,
identifies vulnerable systems, and infects these systems by installing
itself. Each newly installed worm joins all the others causing
the rate of scanning to grow rapidly. This uncontrolled growth in
scanning directly decreases the speed of the Internet and can cause
sporadic but widespread outages among all types of systems. Code Red
is likely to start spreading again on July 31st, 2001 8:00 PM EDT and
has mutated so that it may be even more dangerous. This spread has
the potential to disrupt business and personal use of the Internet
for applications such as electronic commerce, email and entertainment.

Who Must Act? Every organization or person who has Windows NT or
Windows 2000 systems AND the IIS web server software may be vulnerable.
IIS is installed automatically for many applications. If you are not
certain, follow the instructions attached to determine whether you
are running IIS 4.0 or 5.0. If you are using Windows 95, Windows 98,
or Windows Me, there is no action that you need to take in response
to this alert.

What To Do If You Are Vulnerable?

a. To rid your machine of the current worm, reboot your computer.
b. To protect your system from re-infection: Install Microsoft's
patch for the Code Red vulnerability problem:
 Windows NT version 4.0:

 Windows 2000 Professional, Server and Advanced Server:

Step-by-step instructions for these actions are posted at

Microsoft's description of the patch and its installation, and the
vulnerability it addresses is posted at:

/technet/security/bulletin/MS01-033.asp

Because of the importance of this threat, this alert is being made
jointly by:

Microsoft
The National Infrastructure Protection Center
Federal Computer Incident Response Center (FedCIRC)
Information Technology Association of America (ITAA)
CERT Coordination Center
SANS Institute
Internet Security Systems
Internet Security Alliance