"Code Red" worm questions

• Previous message: measlat_private: "Http scanning for cgi based mail-relays."
• Next in thread: Nathan W. Labadie: "Re: "Code Red" worm questions"
• Reply: Nathan W. Labadie: "Re: "Code Red" worm questions"
• Reply: Chris Keladis: "Re: "Code Red" worm questions"
• Reply: Marc Maiffret: "RE: "Code Red" worm questions"
• Reply: Brian McWilliams: "Re: "Code Red" worm questions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I've read practically everything about this worm that has been released. But there are a few questions that I have. First off, I know the first exploit was written by hsj and it used the offsets for the japanesse version of IIS. Now in this new worm, has the code been modified with US (or other) offsets to attack english versions? I have already had a call regarding a possible "break in attempt." with very little other information. I would like to be able to them either they are vulnerable to this worm or not. Thank you,
w1re

____________________________________________________
FREE Disinformation E-book - http://www.disinfo.com


----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com

• Next message: Gamble: "Re: streams of fragments..."
• Previous message: measlat_private: "Http scanning for cgi based mail-relays."
• Next in thread: Nathan W. Labadie: "Re: "Code Red" worm questions"
• Reply: Nathan W. Labadie: "Re: "Code Red" worm questions"
• Reply: Chris Keladis: "Re: "Code Red" worm questions"
• Reply: Marc Maiffret: "RE: "Code Red" worm questions"
• Reply: Brian McWilliams: "Re: "Code Red" worm questions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jul 18 2001 - 10:02:58 PDT