North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Code Red variants

  • From: Andrew Barros
  • Date: Sat Aug 04 23:51:41 2001

securityfocus.com has several variants that use the same vulnerability 
as code red, some of them are not as "nice" as code red. By nice i mean
they 0wn the box, instead of a trivial defacement.

	-ajb
On Sat, Aug 04, 2001 at 10:48:09PM -0400, Jeff Ogden wrote:
->
->Do we know if anyone has looked at the code for variants of the worn 
->in detail recently?  I've seen announcements about new versions with 
->better random IP address generation.  Does anyone know if other 
->aspects of the worm are the same?  Is it still set to spread itself 
->until the 19th and then switch to attacking the IP address that was 
->once www1.whitehouse.gov or are their variants with different dates 
->and different IP address or attack scenarios?
->
->    -Jeff
->
->At 4:57 PM -0700 8/4/01, Lou Katz wrote:
->>I'm seeing about 2:1 "XXXXXXXXXXXX" vs "NNNNNNNNNNNN" entries in today's logs.
->>
->>Also, I have over a factor of 20 more entries in Aug than in July.
->>
->>--
->>
->>
->>-=[L]=-
---end quoted text---

-- 
Andrew Barros <[email protected]>
PGP Key Fingerprint:
D3B8 0800 C45A 143E 5CF0  E112 0A1B AB36 B655 1FB8

Attachment: pgp00001.pgp
Description: PGP signature