Re: 'Code Red' does not seem to be scanning for IIS

From: Ryan Russell (ryanat_private)
Date: Thu Jul 19 2001 - 16:14:43 PDT

Next message: Tony Langdon: "RE: 'Code Red' does not seem to be scanning for IIS"

Previous message: Laurence Hand: "Re: Full analysis of the .ida "Code Red" worm."
In reply to: Mike Brockman: "'Code Red' does not seem to be scanning for IIS"
Next in thread: Tony Langdon: "RE: 'Code Red' does not seem to be scanning for IIS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 19 Jul 2001, Mike Brockman wrote:

> >From what i read about the 'Code Red'-worm, it was supposed to be scanning
> for IIS-servers. It obviously is'nt, i believe it tries to infect
> everything they find on port 80, or something as simple as that.
>

Run nc -l -p 80 > worm, and you'll get a copy.  It's not scanning
in any sense, it just tries a connect, and sends the string.

				Ryan

Next message: Tony Langdon: "RE: 'Code Red' does not seem to be scanning for IIS"
Previous message: Laurence Hand: "Re: Full analysis of the .ida "Code Red" worm."
In reply to: Mike Brockman: "'Code Red' does not seem to be scanning for IIS"
Next in thread: Tony Langdon: "RE: 'Code Red' does not seem to be scanning for IIS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 17:56:31 PDT