Re: A new Code Red variant

From: Scott Wunsch (bugtraqat_private)
Date: Wed Aug 01 2001 - 12:15:35 PDT

Next message: Delaney, Gavin J (EASD, IT): "RE: Possible method to prevent spread of CodeRed and other simila r wo rms"

Previous message: Russell Fulton: "Re: Full Plate of Crow"
In reply to: Andrew Cardwell: "RE: A new Code Red variant"
Next in thread: jason: "Re: A new Code Red variant"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 01-Aug-2001 at 20:03:05 +0200, Andrew Cardwell wrote:

> Interestingly when I view this page my virus checker (Norton) says that the
> backdoor sadmind.dr is included in the temporary files downloaded when I
> viewed the webpage (IE).
> 
> Scott - you may want to check your mirror.

It's plain old HTML.  It sounds like several anti-virus packages out there
have included a signature for the *HTML defacement page* produced by the
sadmind worm.  It's interesting behaviour on the part of the anti-virus
companies, but the page itself should be harmless.

On Wed, 01-Aug-2001 at 20:07:38 +0200, Andrew Cardwell wrote:

> Some further information... do you have a Solaris box at
> http://www.wunsch.org/?

Nope.

-- 
Take care,
Scott \\'unsch

... What a nice night for an evening!

application/pgp-signature attachment: stored

Next message: Delaney, Gavin J (EASD, IT): "RE: Possible method to prevent spread of CodeRed and other simila r wo rms"
Previous message: Russell Fulton: "Re: Full Plate of Crow"
In reply to: Andrew Cardwell: "RE: A new Code Red variant"
Next in thread: jason: "Re: A new Code Red variant"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Aug 01 2001 - 12:54:06 PDT