Reports of computer worm trigger alert
22nd July 2001 (The Sun)

PETALING JAVA. Sat: The Malaysian Computer Emergency Response Team (MyCert) is on the alert following reports of a worm that has been attacking local and foreign computers over the past two days.

The team, which received reports of the worm on Thursday; has set up a round the-clock team to assist computer users handle the attacks, it said in a statement.

MyCert said the worm resides in the computer's memory and sc~ns the network to find vulnerability in Microsoft lIS systems.

"Once a Vulnerable system is found, it then launches an attack which grants work access to the server. Once access is achieved, it will alter (or deface) the main webpage and start repeating the whole activity on other computers in the Internet," it said.

MyCert said the effect of the worm would be enormous in a network of Vulnerable computers.

The only way to recover from the attack is to apply the patch released by Microsoft and to reboot the machine.

It added: "It is highly recommended to remove the .ida and .idq files from an Microsoft lIS servers which do not require those files.

Network administrators are advised to monitor logs within their network and to identify traffic originating from internal computers which indicate that the computer has been compromised and requires immediate recovery "Refer to http:/ / for updates."