Denis Normand <normandat_private> wrote:

> On July 2, I posted a message on this list about a side effect of
> sadmind/IIS where, under some configuration, root.exe was left behind in
> the /MSADC/ virtual folder. From the uniattack.pl script of sadmind/IIS,
> this side effect seems unintentional. I was very surprised to see that
> what was a side effect in sadmind/IIS is actually one of the core
> purposes of CR2!
>
> This leads me to think that the author of Code Red II was not only
> inspired by Code Red, but by sadmind/IIS as well.

...except that the "copy cmd.exe to root.exe" payload is entirely
unnecessary given the much larger backdoor that it opens up...

--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 07:42:54 PDT