On the web site I indicated that the worm would wake up on the 1st and go back to work. After further testing and letting it roll-over and run for over 12 hours, it appears that I was incorrect and that once dormant, Code Red stays that way. (Which appears to be good news.) Kudos to Chris Rouland <CRoulandat_private> and Jon Larimer <JLarimerat_private> for catching that. Thanks guys. Sorry for the confusion. --lcp On Wed, 25 Jul 2001 lcpat_private wrote: > > Per several requests, I have made these traces available at: > > http://www.bofh.sh/CodeRed/index.html > > These dumps show what the worm was trying to do when the box was infected > in each of its three stages (infect, DDos & sleep) as well as what happens > when the c:\notworm file existed on the infected server. (i.e. nothing.) > > --lcp ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jul 26 2001 - 09:06:32 PDT