I just came back from vacation and was catching up on various things, among which Code Red II. On July 2, I posted a message on this list about a side effect of sadmind/IIS where, under some configuration, root.exe was left behind in the /MSADC/ virtual folder. From the uniattack.pl script of sadmind/IIS, this side effect seems unintentionnal. I was very surprised to see that what was a side effect in sadmind/IIS is actually one of the core purpose of CR2! This leads me to think that the author of Code Red II was not only inspired by Code Red, but by sadmind/IIS as well. Also, the first side effect I mentioned in the previous post, is even more effective with Code Red I and II. Denis Normand normandat_private ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 15:32:31 PDT