It appears than I was mistaken when I said earlier that I was wrong... Poor testing methodology led me to the quoted conclusion and incorrect results. Most of you will have seen the CERT advisory by now indiciating that worm wakes back up on the 1st. Yup. Sure does. Seems the first time I ran it I had c:\notworm in place. Basically ended up using a dirty petri dish and got bad results. Sometime tonight I hope to have the wakeup trace up at http://www.bofh.sh/CodeRed along with the others. Sorry ... if anyone needs me I'll be the one standing in the corner, --lcp On Thu, 26 Jul 2001, L. Christopher Paul wrote: > > On the web site I indicated that the worm would wake up on the 1st and go > back to work. > > After further testing and letting it roll-over and run for over 12 hours, > it appears that I was incorrect and that once dormant, Code Red stays that > way. (Which appears to be good news.) > > Kudos to Chris Rouland <CRoulandat_private> and Jon Larimer > <JLarimerat_private> for catching that. Thanks guys. > > Sorry for the confusion. > > --lcp ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Jul 29 2001 - 09:27:42 PDT