On Sun, Aug 05, 2001 at 04:38:55AM -0400, Valdis.Kletnieksat_private wrote: > (Sorry for the cross-posting) > > Given that initial analysis of the CodeRedII worm indicates that it leaves > a backdoor laying around, I hereby request that those people who made > lists of infected hosts available last time *NOT* do so again. I have seen no checks for root.exe so far. But Nessus already has a codered_x.nasl, congrats to this speed! # special root.exe from CR2 alert tcp any any -> any 80 (msg: "CodeRedII root.exe"; flags: A+; content:"root.exe"; depth:624; classtype:attempted-admin;) Gruss -- Pluto - SysAdmin of Hades Free information! Freedom through knowledge. Wisdom for all!! =:-) PGP 1024/7261AACD 1996/09/10 1F3F EA94 D056 A686 4D19 C456 6CF9 4344 Phone: +49-173-4814739 eCash(DB): 129429938818 Q3T: js-Pluto ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Aug 05 2001 - 13:16:30 PDT