Possible New Variant of Code Red
Results 1 to 3 of 3

Thread: Possible New Variant of Code Red

  1. #1
    Member GandalfTheGray's Avatar
    Join Date
    Jan 2003
    Posts
    96

    Possible New Variant of Code Red

    Note below clipped from notification received by e-mail



    -----Original Message-----
    From: Russ [mailto:Russ.Cooper@RC.ON.CA]
    Sent: Tuesday, March 11, 2003 1:28 PM
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    Subject: Alert: New Code Red F worming its way through the 'net


    FYI, at 10:15am EST this morning WormCatcher detected a new variant of Code
    Red, called Code.Red.F, worming its way through hosts from Finland, the
    U.S., and Australia. Since then it has continued, slowly, infecting more
    hosts around the globe.

    The infection method is the same as the original Code Red, so the
    protections are the same;

    - Remove IIS from the box completely
    - Remove Script Mappings, particularly .IDA mappings
    - Patch (MS01-033)

    Too bad ISPs don't block access to attacking IIS boxes the way they did with
    Slammer. This version appears to eliminate or change the drop-dead date that
    previous versions of Code Red had.

    If you're interested in WormCatcher, check out;

    http://www.ntbugtraq.com/wormcatcher.asp

    Cheers,
    Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor "My
    thoughts are facts in my world, opinion to you. YMMV"

    Some other information indicates the following possibilities

    the cutoff date may have been removed
    the string is slightly different

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    the same people with the same unpatched servers. maybe the virus writers would do the world a favor and swipe the hard drives of these morons clean and leave our bandwidth alone. what has it been three years now? they have no interest in patching.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  3. #3
    AntiOnline Newbie
    Join Date
    Apr 2002
    Posts
    178
    I have to agree. I find it very disheartening that the IT job market is declining, yet we continue to see time and time again that there are too many ignorant Admins out there who refuse to patch and take the necessary precautions. But then again, if their bosses were educated enough to know their Admins were ignorant and lazy, there'd be more jobs available...


    Originally posted here by Tedob1
    the same people with the same unpatched servers. maybe the virus writers would do the world a favor and swipe the hard drives of these morons clean and leave our bandwidth alone. what has it been three years now? they have no interest in patching.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •