Re: Code Red gone to sleep?

From: cambriaat_private
Date: Thu Oct 04 2001 - 20:51:39 PDT

  • Next message: Seth Milder: "Weird DNS scans"

    On 10/5/2001 at 1:29 AM hvdkooijat_private wrote:
    >It seems CodeRed isn't dead yet. I just logged an access attempt to
    >default.ida from a Korean machine that seem to be infected with some
    >The server reported on port 80:
    >HTTP/1.1 200 OK
    >Server: Microsoft-IIS/5.0
    >Date: Sun, 10 Jun 2001 23:22:54 GMT   <---
    Note that this server's date is not set properly.  That is probably why it is still infected.  CodeRed II is set to disable itself October 1.
    Best regards,
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:

    This archive was generated by hypermail 2b30 : Fri Oct 05 2001 - 08:17:36 PDT