Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm.

• Previous message: Johannes B. Ullrich: "Re: Mitigating some of the effects of the Code Red worm"
• In reply to: Vern Paxson: "Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm."
• Next in thread: Aaron C. Newman: "Oracle Vulnerability Discovered in OID"
• Next in thread: Tony Langdon: "Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm."
• Reply: Aaron C. Newman: "Oracle Vulnerability Discovered in OID"
• Reply: Jerome Alet: "Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Vern Paxson <vernat_private> wrote:

> Date:        Thu, 19 Jul 2001 17:35:48 PDT
> 
> > It appears that the worm is at this time somewhat contained
> 
> A colleague has pointed out that this may be because it's now
> already reached all of the easily-reachable, infectable servers.

Note your posting time and assuming the TZ is correct...

No -- it is "constrained" because it has reached the *UTC date* (not 
time as initially reported) when it is programmed to switch from 
"spread like crazy" mode to "DoS one of the IPs that was part of 
www.whitehouse.gov" mode.  In about ten days it will flick back to 
the "spread like crazy" mode.


Regards,

Nick FitzGerald

• Next message: Andrew Hatfield: "RE: Safe(?) testing for idq.dll vulnerability"
• Previous message: Johannes B. Ullrich: "Re: Mitigating some of the effects of the Code Red worm"
• In reply to: Vern Paxson: "Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm."
• Next in thread: Aaron C. Newman: "Oracle Vulnerability Discovered in OID"
• Next in thread: Tony Langdon: "Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm."
• Reply: Aaron C. Newman: "Oracle Vulnerability Discovered in OID"
• Reply: Jerome Alet: "Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 23:04:00 PDT