Re: Code Red gone to sleep?

From: cambriaat_private
Date: Thu Oct 04 2001 - 20:51:39 PDT

  • Next message: Seth Milder: "Weird DNS scans"

    On 10/5/2001 at 1:29 AM hvdkooijat_private wrote:
    
    >It seems CodeRed isn't dead yet. I just logged an access attempt to
    >default.ida from a Korean machine that seem to be infected with some
    >strand.
    >
    >The server reported on port 80:
    >
    >HTTP/1.1 200 OK
    >Server: Microsoft-IIS/5.0
    >Date: Sun, 10 Jun 2001 23:22:54 GMT   <---
    [snip]
    
    Note that this server's date is not set properly.  That is probably why it is still infected.  CodeRed II is set to disable itself October 1.
    
    Best regards,
    
    Greg
    
    
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Fri Oct 05 2001 - 08:17:36 PDT