Code Red variants

Andrew Barros abarros at tjhsst.edu
Sun Aug 5 03:49:22 UTC 2001


securityfocus.com has several variants that use the same vulnerability
as Code Red; some of them are not as "nice" as Code Red. By nice I mean
they 0wn the box, instead of a trivial defacement.

	-ajb
On Sat, Aug 04, 2001 at 10:48:09PM -0400, Jeff Ogden wrote:
->
->Do we know if anyone has looked at the code for variants of the worm 
->in detail recently?  I've seen announcements about new versions with 
->better random IP address generation.  Does anyone know if other 
->aspects of the worm are the same?  Is it still set to spread itself 
->until the 19th and then switch to attacking the IP address that was 
->once www1.whitehouse.gov or are there variants with different dates 
->and different IP addresses or attack scenarios?
->
->    -Jeff
->
->At 4:57 PM -0700 8/4/01, Lou Katz wrote:
->>I'm seeing about 2:1 "XXXXXXXXXXXX" vs "NNNNNNNNNNNN" entries in today's logs.
->>
->>Also, I have over a factor of 20 more entries in Aug than in July.
->>
->>--
->>
->>
->>-=[L]=-
---end quoted text---

-- 
Andrew Barros <abarros at tjhsst.edu>
PGP Key Fingerprint:
D3B8 0800 C45A 143E 5CF0  E112 0A1B AB36 B655 1FB8