Re: code red goes on
>> >
>> >
>> > if you grep your http access log for "default.ida" (good sign
>> > of a code red attempt on an apache box)
>> >
>> > you'll see that code red has infected as many new machines in
>> > the alst two days as it did on 20 July
>
>> I have had 47 in the last 24 hrs.
>
>Please use follow-up response.
>
>Anyone noting trends between 7/20 and 8/2? I've got 30 v. 49,
>respectively. Looks like this is actually the bigger attack.
>
actually i ran http-analyze over a file i grepped out of the log
the bug only ran for a few hours in "propogate mode" on the 20th before switching to "attack mode" and went back to propogate 2 days ago (and because propogate is less damaging everyone thought it was gone)
and yes a quick look at the graph will tell you it's building into something much bigger than before
Reply to: