RE: CodeRedII attempts from Cable/DSL/dial-ups

From: Srdjan Nikolic (srdjanat_private)
Date: Mon Aug 06 2001 - 01:39:12 PDT

Next message: Tim Hollebeek: "RE: What use is the NIPC?"

Previous message: Homer Wilson Smith: "Re: CR vs. CoreBuilder"
In reply to: Ben N. Venzke: "CodeRedII attempts from Cable/DSL/dial-ups"
Next in thread: Guilherme Mesquita: "Re: CodeRedII attempts from Cable/DSL/dial-ups"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> If CodeRedII can only infect Windows 2000 boxes running IIS, why all
> of the CodeRedII infection attempts from what appear to be DSL, cable
> modem and dial-up boxes?
>
> I could see running a small server on a DSL line but are there really
> that many people running IIS on a 56k dial-up.
>

Unfortunately, there is a number of people out there that are inadvertendly
running IIS on their W2K professional desktops and they don't even know it.
Who knows how PC vendors install Win2K Professional? Some would do a full
install with full bells & whistles (including IIS) so that customers/users
don't bother them later?

Scary, huh?

Srdjan Nikolic
Melbourne, Australia



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Tim Hollebeek: "RE: What use is the NIPC?"
Previous message: Homer Wilson Smith: "Re: CR vs. CoreBuilder"
In reply to: Ben N. Venzke: "CodeRedII attempts from Cable/DSL/dial-ups"
Next in thread: Guilherme Mesquita: "Re: CodeRedII attempts from Cable/DSL/dial-ups"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 12:14:09 PDT