Re: A new Code Red variant

From: Blake Frantz (blakeat_private)
Date: Wed Aug 01 2001 - 11:53:35 PDT

    It looks like someone took the payload from the .printer worm and stuck it
    in Red Code.  The "fuck CHINA Government" is akin to the "fuck US
    Government" defacement that went around in the .printer worm.
    
    Just a thought
    
    -Blake
    
    ================================================================= 
    The Government, like diapers, should be replaced regularly, and
    often for the same reasons. 
    
    On Wed, 1 Aug 2001, Scott Wunsch wrote:
    
    > Glancing at my Apache logs, I noticed what looked like a typical Code Red
    > hit at 11:50:59 CST from 61.141.213.162 (which resolves to a name in .cn).
    > I fired up my web browser and pointed it at that IP, wondering whether it
    > was defaced by CRv1, or looked normal (i.e., CRv2).
    > 
    > It appears likely to be defaced, all right, but not with the usual CRv1
    > message.  Could we have yet another new strain out there?
    > 
    > In case the box has been cleaned up, I mirrored the defaced page at
    > <http://www.wunsch.org/mirrors/codered/>.  The text is as follows, in red
    > on a black background:
    > 
    > > fuck CHINA Government
    > > 
    > > fuck PoizonBOx
    > > 
    > > contact:sysadmcnat_private
    > 
    > -- 
    > Take care,
    > Scott \\'unsch
    > 
    > ... St... St... Stu... St... Stuttering Ta... Tagline.
    > 
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    


