Information Security News
mailing list archives
Re: Did FBI Ignore Code Red Warning?
From: InfoSec News <isn () c4i org>
Date: Fri, 7 Sep 2001 02:01:08 -0500 (CDT)
Forwarded from: "Jay D. Dyson" <jdyson () treachery net>
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 6 Sep 2001, InfoSec News wrote:
Kim Zetter, PCWorld.com
Tuesday, September 04, 2001
The Code Red threat seems to have finally halted its malicious crawl,
Not according to the logs and email reports I'm seeing! The media
*feeding frenzy* over Code Red may have finally halted it malicious
crawl, but scanning from infected hosts hasn't.
I would have to concur with Mr. Dittrich. Code Red scans are
running at a slightly elevated pitch even now, six plus weeks following
Even on my picayune systems, I'm seeing an average of one Code Red
scan every eight minutes. The scanning sites range from obviously client
systems to servers based in North and South America, Europe and Asia. All
top-level domains appear to be represented: .COM, .ORG, .MIL, .EDU, .GOV,
.NET, and even .INT (!).
As an aside, I received an email from a new user of Early Bird and
they reported 2,400 unique IP addresses attempting to infect their systems
with Code Red in the past 24 hours. If there is any slowdown, it's likely
more akin to a traffic jam than a genuine cessation of Code Red scans.
( ( _______
)) )) .--"There's always time for a good cup of coffee"--. >====<--.
C|~~|C|~~| (>------ Jay D. Dyson -- jdyson () treachery net ------<) | = |-'
`--' `--' `--- Failure is never as devastating as regret. ---' `------'
-----BEGIN PGP SIGNATURE-----
Comment: See http://www.treachery.net/~jdyson/ for current keys.
-----END PGP SIGNATURE-----
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.