Check this new article about Code Red. Looks like it has some English-specific aspects, and since it's memory resident, you can kill it with a reboot: http://www.newsbytes.com/news/01/168089.html Brian At 11:43 AM 7/18/01, w1re p4ir wrote: >I've read practically everything about this worm that has been released. >But there are a few questions that I have. First off, I know the first >exploit was written by hsj and it used the offsets for the japanesse >version of IIS. Now in this new worm, has the code been modified with US >(or other) offsets to attack english versions? I have already had a call >regarding a possible "break in attempt." with very little other >information. I would like to be able to them either they are vulnerable to >this worm or not. Thank you, >w1re > >____________________________________________________ >FREE Disinformation E-book - http://www.disinfo.com > > >---------------------------------------------------------------------------- > > >This list is provided by the SecurityFocus ARIS analyzer service. >For more information on this free incident handling, management >and tracking system please see: > >http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Jul 18 2001 - 13:53:01 PDT