Code Red variants
Jeff Ogden
jogden at merit.edu
Sun Aug 5 02:48:09 UTC 2001
Do we know if anyone has looked at the code for variants of the worn
in detail recently? I've seen announcements about new versions with
better random IP address generation. Does anyone know if other
aspects of the worm are the same? Is it still set to spread itself
until the 19th and then switch to attacking the IP address that was
once www1.whitehouse.gov or are their variants with different dates
and different IP address or attack scenarios?
-Jeff
At 4:57 PM -0700 8/4/01, Lou Katz wrote:
>I'm seeing about 2:1 "XXXXXXXXXXXX" vs "NNNNNNNNNNNN" entries in today's logs.
>
>Also, I have over a factor of 20 more entries in Aug than in July.
>
>--
>
>
>-=[L]=-
More information about the NANOG
mailing list