
Re: code red goes on



On Sun, Aug 05, 2001 at 07:02:35PM -0600, John Galt wrote:
> [...]
> CodeRed2.  Nastier: it also copies cmd.exe to root.exe, and installs a
> pseudo-r00tkit.  If the IIS admins didn't learn the first time, they got
> screwed hardcore the second.  Not even a reacharound this time.

I get hit every 2 minutes. And apparently lots of computers are now
advertising that they can be remotely controlled. Wouldn't it be nice if
there were some 'hack' to send to such a server so that it gets fixed?
I've got a list of hundreds of IPs of IIS servers almost begging for an
antidote!

My stats for today (20 hours): 601 CodeRed2's, 8 CodeRed1's. With my
cablemodem it looks like my whole country is infected. Although it's
only 268 unique IPs. CodeRed2 attempts to spread a lot more than 1.

Well, better start ignoring the output.

Greetings, 
    Chris Niekel

-- 
Geek code version 3.1:
GCS d- s++: a- C++$ ULSI++ P+(---) L+++>++++ E--- W++ N++ o K? w--- O M- 
V?>-- PS+ PE-() Y PGP+ t+>+++ 5? X- !R tv+ b DI++ D+ G>++ e+++ h--- r+++ y++++


