(The following article has been automatically mirrored from MOTD)
(Posted by Alexis Rosen) Sat, Jan 25 2003 -- 12:35 PM --------------------------------------------------------------------------- We think we've managed to deal with most of the problems caused by this attack, and we hope that we'll be impervious to further attack. We now know what caused the attack- it wasn't a directed attack, but rather the result of an extremely virulent worm making use of vulnerabilities in MicroSoft's SQL server.
The big problem with the worm was that it tickled at least two critical bugs in Cisco's router software ("IOS"). This made diagnosing and fixing the problem extremely difficult.
Everything is pretty much back to normal, with the exception of a very few high-risk services (we're being careful with customer co-located machines that run SQL server). There may be a few short glitches over the next day as we replace some band-aids with real fixes. We'll announce anything that we think will last more than a few seconds.
--- Public Access Internet & UNIX [panix.com]