Re: [ISN] Did FBI Ignore Code Red Warning?

From: InfoSec News (isnat_private)
Date: Fri Sep 07 2001 - 00:01:08 PDT

  • Next message: InfoSec News: "[ISN] NASA hacker 'rolex' jailed for four months"

    Forwarded from: "Jay D. Dyson" <jdysonat_private>
    
    -----BEGIN PGP SIGNED MESSAGE-----
    
    On Thu, 6 Sep 2001, InfoSec News wrote:
    
    > > Kim Zetter, PCWorld.com
    > > Tuesday, September 04, 2001
    > >
    > > The Code Red threat seems to have finally halted its malicious crawl,
    > 
    > Not according to the logs and email reports I'm seeing!  The media
    > *feeding frenzy* over Code Red may have finally halted it malicious
    > crawl, but scanning from infected hosts hasn't.
    
    	I would have to concur with Mr. Dittrich.  Code Red scans are
    running at a slightly elevated pitch even now, six plus weeks following
    its debut.
    
    	Even on my picayune systems, I'm seeing an average of one Code Red
    scan every eight minutes.  The scanning sites range from obviously client
    systems to servers based in North and South America, Europe and Asia.  All
    top-level domains appear to be represented: .COM, .ORG, .MIL, .EDU, .GOV,
    .NET, and even .INT (!).
    
    	As an aside, I received an email from a new user of Early Bird and
    they reported 2,400 unique IP addresses attempting to infect their systems
    with Code Red in the past 24 hours.  If there is any slowdown, it's likely
    more akin to a traffic jam than a genuine cessation of Code Red scans.
    
    - -Jay
    
      (    (                                                          _______
      ))   ))   .--"There's always time for a good cup of coffee"--.   >====<--.
    C|~~|C|~~| (>------ Jay D. Dyson -- jdysonat_private ------<) |    = |-'
     `--' `--'  `--- Failure is never as devastating as regret. ---'  `------'
    
    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.2
    Comment: See http://www.treachery.net/~jdyson/ for current keys.
    
    iQCVAwUBO5eNf7lDRyqRQ2a9AQGAwQP9Fzav++yxyO4hMUS8pmSHEK3Ja8RLbFKr
    thshSoVZbYblw/uz2soCJNA7+DKhu0B/iYzNZoev7yvzPZv8NV3jKhYuN3jgUslp
    wxm4i8Wlvc2OBpSCI1pi+Jx3xbfJs2Je9chYdDddHMVZDrQjx/BiQ2+Klo+mLqUm
    6jPP6tDHE0Y=
    =j775
    -----END PGP SIGNATURE-----
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Sep 07 2001 - 03:14:44 PDT