[Sca-cooks] Re: modem foo, OT

Siegfried Heydrich baronsig at peganet.com
Fri Aug 10 13:35:45 PDT 2001


    Actually, Code Red II is already in the wild - below is a clip from
NetSurfer concerning this, and also links for additional information. If you
don't have a firewall already, GET ONE!

    Sieggy

*****************************
Mutated Code Red II Worm

Somebody has rewritten the Web exploit that affects Microsoft Web servers to
be both more aggressive and more destructive. It is reportedly hitting cable
DSL users hard, lighting up their modems like Christmas trees as it pings
them while searching for new machines to infect. The new variant is also
installing back doors on infected systems, which allows crackers to control
the machines. Wired has an overview, while Newsforge has an article on the
technical community's response. This includes rude Perl code and makes known
that your firewall log gives you a list of infected machines that you can
happily exploit to your heart's content - all of a sudden we have a flood of
hackable machines open to anyone with a modest knowledge of Windows. In
effect, Code Red II implemented a nifty new way to passively obtain a list
of compromised machines. Look for more use of this technology in future
worms.
Wired: http://www.wired.com/news/technology/0,1282,45847,00.html
Newsforge: http://www.newsforge.com/article.pl?sid=01/08/07/1437202&mode=nested

----- Original Message -----

> As I said "Your Mileage May Vary"... Unix person. Good for those that listen
> to the warnings that Code Red[s] will strike, and downloaded the patch from
> MS before the drop dead date. Even MS's own Hotmail got the Bug [duh]. ISP's
> with the wrong date [Yup] inside their machine will crack another rash of
> Code's running about. Is there a Code Red 3 waiting to hatch?




