Re: Full analysis of the .ida "Code Red" worm.

From: Laurence Hand (lhandat_private)
Date: Thu Jul 19 2001 - 16:44:08 PDT

Next message: Ryan Russell: "Re: 'Code Red' does not seem to be scanning for IIS"

Previous message: Duncan Hill: "RE: 'Code Red' does not seem to be scanning for IIS"
In reply to: Marc Maiffret: "Full analysis of the .ida "Code Red" worm."
Next in thread: Ryan Russell: "Re: Full analysis of the .ida "Code Red" worm."
Reply: Ryan Russell: "Re: Full analysis of the .ida "Code Red" worm."
Reply: Pierre Vandevenne: "Re: Full analysis of the .ida "Code Red" worm."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Did anyone else see that one of Microsoft's windowsupdate.microsoft.com
servers got bit by this worm? It went away when we refreshed the screen
and presumably rolled over to another server, but it is definitely on at
least one of their servers.

I know MS watches this list, so I hope they will be checking their
servers before this starts the DDOS tomorrow.

Marc Maiffret wrote:
> 
> The following is a detailed analysis of the "Code Red" .ida worm that we
> reported on July 17th 2001.
> 
<snip>

Next message: Ryan Russell: "Re: 'Code Red' does not seem to be scanning for IIS"
Previous message: Duncan Hill: "RE: 'Code Red' does not seem to be scanning for IIS"
In reply to: Marc Maiffret: "Full analysis of the .ida "Code Red" worm."
Next in thread: Ryan Russell: "Re: Full analysis of the .ida "Code Red" worm."
Reply: Ryan Russell: "Re: Full analysis of the .ida "Code Red" worm."
Reply: Pierre Vandevenne: "Re: Full analysis of the .ida "Code Red" worm."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 17:55:23 PDT