North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical FW: Code red- Returning?
I think this shouldgo here.. Mistype nanog.... Jim >-----Original Message----- >From: Johannes Ullrich [mailto:[email protected]] >Sent: Tuesday, March 18, 2003 1:10 PM >To: McBurnett, Jim >Cc: [email protected] >Subject: Re: Code red- Returning? > > > > >Yes. This month, we are tracking about twice as many sources as usual >scanning port 80. The likely reason is the release of Code Red >F earlier >this month. > >graph of port 80 activity for the last 2+months: >ttp://www.dshield.org/port_report.php?port=80&days=70 > > >In addition, there are some spikes in the number of targets >scanned, which >could be target list acquisitions for the next big thing >(maybe the WebDav >exploit). > >AFAIK, the only difference for Code Red F is that it changed >the 'cut off year' >at which it will stop scanning. So it probably infected some >machines that due >to clock settings where not infected by the other versions. >But I haven't had >a chance to look at it in detail. > > > >On Tue, 18 Mar 2003 12:50:17 -0500 >"McBurnett, Jim" <[email protected]> wrote: > >> Has anyone out there noticed an increase in a Code-Red >patterned virus? >> I know about the Microsoft bug that came out yesterday/last night. >> But I am seeing the same symptoms as Code Red, >> 800+ hits in the last 12 hours, from the same Class A >network I am on. >> The amount is increasing per hour.. >> It started with 50 the first hour and now it just about 150 >an hour... >> >> Thoughts? >> >> thanks, >> Jim >> >> >> > > >-- >-------------------------------------------------------------------- >[email protected] Collaborative Intrusion Detection > join http://www.dshield.org >
|