Home page logo

isn logo Information Security News mailing list archives

Re: Did FBI Ignore Code Red Warning?
From: InfoSec News <isn () c4i org>
Date: Fri, 7 Sep 2001 02:01:08 -0500 (CDT)

Forwarded from: "Jay D. Dyson" <jdyson () treachery net>


On Thu, 6 Sep 2001, InfoSec News wrote:

Kim Zetter, PCWorld.com
Tuesday, September 04, 2001

The Code Red threat seems to have finally halted its malicious crawl,

Not according to the logs and email reports I'm seeing!  The media
*feeding frenzy* over Code Red may have finally halted it malicious
crawl, but scanning from infected hosts hasn't.

        I would have to concur with Mr. Dittrich.  Code Red scans are
running at a slightly elevated pitch even now, six plus weeks following
its debut.

        Even on my picayune systems, I'm seeing an average of one Code Red
scan every eight minutes.  The scanning sites range from obviously client
systems to servers based in North and South America, Europe and Asia.  All
top-level domains appear to be represented: .COM, .ORG, .MIL, .EDU, .GOV,
.NET, and even .INT (!).

        As an aside, I received an email from a new user of Early Bird and
they reported 2,400 unique IP addresses attempting to infect their systems
with Code Red in the past 24 hours.  If there is any slowdown, it's likely
more akin to a traffic jam than a genuine cessation of Code Red scans.

- -Jay

  (    (                                                          _______
  ))   ))   .--"There's always time for a good cup of coffee"--.   >====<--.
C|~~|C|~~| (>------ Jay D. Dyson -- jdyson () treachery net ------<) |    = |-'
 `--' `--'  `--- Failure is never as devastating as regret. ---'  `------'

Version: 2.6.2
Comment: See http://www.treachery.net/~jdyson/ for current keys.


ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]