North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Code Red variants
Do we know if anyone has looked at the code for variants of the worn in detail recently? I've seen announcements about new versions with better random IP address generation. Does anyone know if other aspects of the worm are the same? Is it still set to spread itself until the 19th and then switch to attacking the IP address that was once www1.whitehouse.gov or are their variants with different dates and different IP address or attack scenarios?
At 4:57 PM -0700 8/4/01, Lou Katz wrote:
I'm seeing about 2:1 "XXXXXXXXXXXX" vs "NNNNNNNNNNNN" entries in today's logs. Also, I have over a factor of 20 more entries in Aug than in July. -- -=[L]=-