Code Red variants

Jeff Ogden jogden at merit.edu
Sun Aug 5 02:48:09 UTC 2001


Do we know if anyone has looked at the code for variants of the worm 
in detail recently?  I've seen announcements about new versions with 
better random IP address generation.  Does anyone know if other 
aspects of the worm are the same?  Is it still set to spread itself 
until the 19th and then switch to attacking the IP address that was 
once www1.whitehouse.gov or are there variants with different dates 
and different IP addresses or attack scenarios?

    -Jeff

At 4:57 PM -0700 8/4/01, Lou Katz wrote:
>I'm seeing about 2:1 "XXXXXXXXXXXX" vs "NNNNNNNNNNNN" entries in today's logs.
>
>Also, I have over a factor of 20 more entries in Aug than in July.
>
>--
>
>
>-=[L]=-



