Forwarded from: "Jay D. Dyson" <jdysonat_private> -----BEGIN PGP SIGNED MESSAGE----- On Thu, 6 Sep 2001, InfoSec News wrote: > > Kim Zetter, PCWorld.com > > Tuesday, September 04, 2001 > > > > The Code Red threat seems to have finally halted its malicious crawl, > > Not according to the logs and email reports I'm seeing! The media > *feeding frenzy* over Code Red may have finally halted it malicious > crawl, but scanning from infected hosts hasn't. I would have to concur with Mr. Dittrich. Code Red scans are running at a slightly elevated pitch even now, six plus weeks following its debut. Even on my picayune systems, I'm seeing an average of one Code Red scan every eight minutes. The scanning sites range from obviously client systems to servers based in North and South America, Europe and Asia. All top-level domains appear to be represented: .COM, .ORG, .MIL, .EDU, .GOV, .NET, and even .INT (!). As an aside, I received an email from a new user of Early Bird and they reported 2,400 unique IP addresses attempting to infect their systems with Code Red in the past 24 hours. If there is any slowdown, it's likely more akin to a traffic jam than a genuine cessation of Code Red scans. - -Jay ( ( _______ )) )) .--"There's always time for a good cup of coffee"--. >====<--. C|~~|C|~~| (>------ Jay D. Dyson -- jdysonat_private ------<) | = |-' `--' `--' `--- Failure is never as devastating as regret. ---' `------' -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: See http://www.treachery.net/~jdyson/ for current keys. iQCVAwUBO5eNf7lDRyqRQ2a9AQGAwQP9Fzav++yxyO4hMUS8pmSHEK3Ja8RLbFKr thshSoVZbYblw/uz2soCJNA7+DKhu0B/iYzNZoev7yvzPZv8NV3jKhYuN3jgUslp wxm4i8Wlvc2OBpSCI1pi+Jx3xbfJs2Je9chYdDddHMVZDrQjx/BiQ2+Klo+mLqUm 6jPP6tDHE0Y= =j775 -----END PGP SIGNATURE----- - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Sep 07 2001 - 03:14:44 PDT