--On Thursday, August 09, 2001 5:09 PM -0400 "Stephen W. Thompson" <thompsonat_private> wrote: > > If I'm correct, that implies a) sadmind/IIS is more prevalent than > we'd realized and, possibly b) that there might be a variant of > sadmind/IIS that succeeds on non-Solaris machines unlike the original > variant. Any corroboration on (b) from anyone? > The "signature" of Poisonworm is pretty obvious, and if we were seeing it, our IDS would be alerting on it. I haven't seen much of it for a while. It seems to have died off a short while after Code Red A became active. > En paz, > Steve, (tired) security analyst Yeah, no kidding. Paul L. Schmehl, paulsat_private http://www.utdallas.edu/~pauls/ Supervisor, Support Services The University of Texas at Dallas AVIEN Founding Member ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 07:33:20 PDT