Re: Code Red gone to sleep?

From: Kath (kathat_private)
Date: Tue Oct 02 2001 - 16:37:25 PDT


    Nimda attacks are actually down according to my snort sensor.
    
    - k
    
    ----- Original Message -----
    From: "Jay D. Dyson" <jdysonat_private>
    To: "Incidents List" <incidentsat_private>
    Sent: Tuesday, October 02, 2001 6:54 PM
    Subject: Code Red gone to sleep?
    
    
    > Hi folks,
    >
    > We were discussing on the Early Bird Developers list that none of
    > us have seen any Code Red scans since September 30th.  This can only mean
    > one of four things:
    >
    > 1. Code Red has "gone to sleep,"
    >
    > 2. Code Red committed ritual seppuku and rm'd every box it
    > previously infected,
    >
    > 3. Nimda has taken over all previously infected Code Red
    > systems[*],
    >
    > 4. All the automated intrusion attempt notices finally paid
    > off and affected sites have finally shut their infected
    > systems down.
    >
    > While I'd like to believe that the silence is due to option #4,
    > experience leads me to believe that options #1 and #2 are most likely, and
    > option #3 is a close runner-up.
    >
    > - - -Jay
    >
    > * Nimda is still banging away like a nympho bunny on Spanish Fly.
    >
    >   (    (                                                         _______
    >   ))   ))   .-"There's always time for a good cup of coffee."-.   >====<--.
    > C|~~|C|~~| (>------ Jay D. Dyson - jdysonat_private ------<) |    = |-'
    >  `--' `--'  `--------------- rm -rf /bin/laden ---------------'  `------'
    >
    >
    >
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see: http://aris.securityfocus.com
    >
    
    
    



    This archive was generated by hypermail 2b30 : Tue Oct 02 2001 - 17:17:48 PDT