Re: Full analysis of the .ida "Code Red" worm.

From: Pierre Vandevenne (pierreat_private)
Date: Thu Jul 19 2001 - 19:08:06 PDT

    On Thu, 19 Jul 2001 16:44:08 -0700, Laurence Hand wrote:
    
    >Did anyone else see that one of Microsoft's windowsupdate.microsoft.com
    >servers got bit by this worm? It went away when we refreshed the screen
    >and presumably rolled over to another server, but it is definitely on at
    >least one of their servers.
    
    Confirmed. Here's a "souvenir"
    
    http://www.datarescue.com/fprot/virinfo/hackedbychinese.gif
    
    This DOES raise some pretty fundamental questions about the security of
    all the infrastructure, because, in theory, the compromised servers
    _could_ have been exploited more extensively and _could_ be delivering
    nastily compromised stuff around. I have no reason to believe it has
    happened, but still...
    
    
    ---
    Pierre Vandevenne - DataRescue : home of the IDA Pro Disassembler  
    Advanced tools for the IT Security Industry. www.datarescue.com/idabase/
    SM CF and MS Picture Recovery Software www.datarescue.com/photorescue/
    



    This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 21:58:09 PDT