Moderator: My webserver has logged CodeGreen hits, so I feel I have the right to respond to this admittedly wasted thread. If nothing else...please afford me the opportunity to speak to the world without resorting to strange GET requests in everyone's webserver logs. > Does anyone realize what a bad idea it is to release worms like this in > the first place, regardless of wheatehr or nto they mean well? Obviously not... 195.224.242.248 - - [04/Sep/2001:19:00:30 -0400] "GET /default.ida?Code_Green_<I_like_the_colour-_-><AntiCo deRed-CodeRedIII-IDQ_Patcher>_V1.0_beta_written_by_'D er_HexXer'-Wuerzburg_Germany-_is_dedicated_to_my_sist erli_'Doro'.Save_Whale_and_visit_<www.buhaboard.de>_a nd_<www.buha-security.de>%u9090%u6858%ucbd3%u7801%u90 90%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9 090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u 00=a HTTP/1.0" 404 1442 "-" "-" Logs deliberately not sanitized... Thanks but no thanks 195.224.242.248, I don't need any help securing this system. It is not now, nor was it ever, vulnerable to Code Red. > CodeGreen from my understanding does random scanning like Code Red and is Apparently so, as this is an Apache server... > 2) Traffic caused by Code Red brings down routers and > printers and it even can cause Cisco 2500 series routers (from experience, > costly ones) to run out of memory and cease functioning until a reboot. Can't confirm this, but I wouldn't be surprised to find similar problems with Code Green. > 3) It's illegal. Just as Code Red gaims unauthorized access to systems, > so does this worm. Not much doubt about that. The beauty is, we know who the author of this is. He claimed responsibility publicly. > 8) Go to hell. I was thinking the same thing... <TONGUE IN CHEEK> As far as I'm concerned, this is a "log defacement". It's bad enough having to parse through all the XXXXXXXXXX / NNNNNNNNN / AAAAAAAAAAA / VVVVVVVVVVVV entries without adding "_is_dedicated_to_my_sisterli_'Doro'.Save_Whale" to the list. What the hell is that all about anyway??? </TONGUE IN CHEEK> -- Jonathan Rickman X Corps Security http://www.xcorps.net
This archive was generated by hypermail 2b30 : Wed Sep 05 2001 - 20:06:51 PDT