Re: "Code Red" worm questions

From: Brian McWilliams (bmcwat_private)
Date: Wed Jul 18 2001 - 11:54:14 PDT

  • Next message: Marc Maiffret: "RE: "Code Red" worm questions"

    Check this new article about Code Red.  Looks like it has some 
    English-specific aspects, and since it's memory resident, you can kill it 
    with a reboot:
    
    http://www.newsbytes.com/news/01/168089.html
    
    Brian
    
    
    At 11:43 AM 7/18/01, w1re p4ir wrote:
    >I've read practically everything about this worm that has been released. 
    >But there are a few questions that I have. First off, I know the first 
    >exploit was written by hsj and it used the offsets for the japanesse 
    >version of IIS. Now in this new worm, has the code been modified with US 
    >(or other) offsets to attack english versions? I have already had a call 
    >regarding a possible "break in attempt." with very little other 
    >information. I would like to be able to them either they are vulnerable to 
    >this worm or not. Thank you,
    >w1re
    >
    >____________________________________________________
    >FREE Disinformation E-book - http://www.disinfo.com
    >
    >
    >----------------------------------------------------------------------------
    >
    >
    >This list is provided by the SecurityFocus ARIS analyzer service.
    >For more information on this free incident handling, management
    >and tracking system please see:
    >
    >http://aris.securityfocus.com
    
    
    
    ----------------------------------------------------------------------------
    
    
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:
    
    http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Wed Jul 18 2001 - 13:53:01 PDT