Re: CodeRed

From: Ryan Russell (ryanat_private)
Date: Thu Jul 19 2001 - 23:57:50 PDT

  • Next message: Stuart Staniford: "Code-Red: An analytic model of its spread"

    On Thu, 19 Jul 2001, Dragos Ruiu wrote:
    
    > I'm surprised no-one has suggested to build the
    > rapid response counter worm yet... :-)
    >
    
    The discussion has started on Bugtraq.
    
    Taking out this exact worm wouldn't be hard.  Change 1-2 bytes to change
    the check for file existance call to a create file call.  Perhaps change
    the day of the month to the 25th.  Maybe set the DDoS victim IP to
    127.0.0.1, or some volunteer address so the worms can call home.
    
    > P.s. please note that I do not express an opinion about whether
    > this is a good idea or not.... :-)
    
    It's not.
    
    					Ryan
    
    
    
    ----------------------------------------------------------------------------
    
    
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:
    
    http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Fri Jul 20 2001 - 09:43:34 PDT