On Sunday, August 05, 2001 5:24 AM, Marc Maiffret wrote:

> This worm, like the original Code Red worm, will only exploit Windows 2000
> web servers because it overwrites EIP with a jmp that is only correct under
> Windows 2000. Under NT4.0 etc... that offset is different so, the process
> will simply crash instead of allowing the worm to infect the system and
> spread.

Correct me if I'm wrong, but shouldn't the first sentence read:

"This worm, unlike the original Code Red worm..."
            ^^

The original Code Red worm affected both Windows NT and Windows 2000 systems running IIS4 and IIS5.

Michael Katz
mikeat_private
Responsible Solutions, Ltd.