|
Security Incidents
mailing list archives
Re: "Code Red" worm questions
From: Brian McWilliams <bmcw () mediaone net>
Date: Wed, 18 Jul 2001 14:54:14 -0400
Check this new article about Code Red. Looks like it has some
English-specific aspects, and since it's memory resident, you can kill it
with a reboot:
http://www.newsbytes.com/news/01/168089.html
Brian
At 11:43 AM 7/18/01, w1re p4ir wrote:
I've read practically everything about this worm that has been released.
But there are a few questions that I have. First off, I know the first
exploit was written by hsj and it used the offsets for the japanesse
version of IIS. Now in this new worm, has the code been modified with US
(or other) offsets to attack english versions? I have already had a call
regarding a possible "break in attempt." with very little other
information. I would like to be able to them either they are vulnerable to
this worm or not. Thank you,
w1re
____________________________________________________
FREE Disinformation E-book - http://www.disinfo.com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see:
http://aris.securityfocus.com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see:
http://aris.securityfocus.com
 By Date 
By Thread
Current thread:
- Re: "Code Red" worm questions, (continued)
- Re: "Code Red" worm questions Brian McWilliams (Jul 18)
|
Intro
