North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Code Red variants

  • From: Jeff Ogden
  • Date: Sat Aug 04 22:58:56 2001

Do we know if anyone has looked at the code for variants of the worn in detail recently? I've seen announcements about new versions with better random IP address generation. Does anyone know if other aspects of the worm are the same? Is it still set to spread itself until the 19th and then switch to attacking the IP address that was once or are their variants with different dates and different IP address or attack scenarios?


At 4:57 PM -0700 8/4/01, Lou Katz wrote:
I'm seeing about 2:1 "XXXXXXXXXXXX" vs "NNNNNNNNNNNN" entries in today's logs.

Also, I have over a factor of 20 more entries in Aug than in July.