If the fix from Microsoft, issued back in Oct. 2000 was installed, would servers be infected?

I get the impression that it works like this:

- If you're running IIS, and the server hasn't been patched, the server can be infected from the web.

- If you're not running IIS, but someone on your internal network connects to an infected server, they might spread it on your internal network if they execute the file the server offers them.

- The virus can also be spread via e-mail executables.

Although the details at the web sites are still sketchy, I have just issued this message to my LAN users:

In reply to:

---

More information on the new worm has been posted at the Network Associates (McAffe) site:

http://vil.nai.com/vil/virusSummary.asp?virus_k=99209

One of the things that the virus apparently does is to alter your SYSTEM.INI file. The line:

Shell=explorer.exe

Gets changed to

Shell=explorer.exe load.exe -dontrunold

If your machine appears to be behaving strangely or slowly, please check your system.ini file. If you find this alteration, please let me know so that I can gauge if there is any possible threat to our internal network.

Note that the Shell= line might not exist on some NT/2K systems. This is OK. It's only the altered version that indicates the presence of the virus.

---

___________
Tony Fabris