On 10/5/2001 at 1:29 AM hvdkooijat_private wrote: >It seems CodeRed isn't dead yet. I just logged an access attempt to >default.ida from a Korean machine that seem to be infected with some >strand. > >The server reported on port 80: > >HTTP/1.1 200 OK >Server: Microsoft-IIS/5.0 >Date: Sun, 10 Jun 2001 23:22:54 GMT <--- [snip] Note that this server's date is not set properly. That is probably why it is still infected. CodeRed II is set to disable itself October 1. Best regards, Greg ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Oct 05 2001 - 08:17:36 PDT