This threat is designed to attack Microsoft IIS servers across networks. It uses an exploit to gain access to the IIS server, and then install itself there. Once installed, it will seek other IIS servers across the network using a random IP generator. The exploit used by this worm is corrected using update patch MS01-044 from Microsoft.

Recommended Action

  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option