Re: "Code Red" worm questions

From: Nathan W. Labadie (nateat_private)
Date: Wed Jul 18 2001 - 10:13:57 PDT

  • Next message: Jose Nazario: "Re: streams of fragments..."

    It can definitely hit the english version. In the last 12 hours I've 
    seen 6 machines (running the US english version) that have become 
    infected with the worm.
    
    On Wednesday 18 July 2001 11:43 am, you wrote:
    > I've read practically everything about this worm that has been
    > released. But there are a few questions that I have. First off, I
    > know the first exploit was written by hsj and it used the offsets for
    > the japanesse version of IIS. Now in this new worm, has the code been
    > modified with US (or other) offsets to attack english versions? I
    > have already had a call regarding a possible "break in attempt." with
    > very little other information. I would like to be able to them either
    > they are vulnerable to this worm or not. Thank you, w1re
    >
    > ____________________________________________________
    > FREE Disinformation E-book - http://www.disinfo.com
    >
    >
    > ---------------------------------------------------------------------
    >-------
    >
    >
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see:
    >
    > http://aris.securityfocus.com
    
    -- 
    Nathan W. Labadie       | nateat_private	
    Sr. Security Specialist | 313/577.2126
    Wayne State University  | 313/577.5626 fax
    GPG Key: http://ucomm.wayne.edu/~nate/gpg_key.asc
    
    
    ----------------------------------------------------------------------------
    
    
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:
    
    http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Wed Jul 18 2001 - 10:45:17 PDT