Security Incidents mailing list archives

Re: Code Red - A Possible Origin?


From: "Mike Lewinski" <mike () rockynet com>
Date: Fri, 24 Aug 2001 14:09:12 -0600

$ telnet tao.ca www
GET /~wrench/bloc/news/07_19_01.html HTTP/1.1

HTTP/1.1 200 OK
Date: Fri, 24 Aug 2001 19:47:42 GMT
Server: Apache
Last-Modified: Fri, 20 Jul 2001 01:52:42 GMT
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The server appears to be located in the Toronto area which I believe
is -0400 GMT. If it hasn't been monkeyed with, the Last-Modified tag
places the document's creation time around 9:50pm local time on the 19th
of July.

The original eEye advisory containing details about the worm's
"whitehouse attack mode" was released two days earlier, on the 17th of
July. I'd be a lot more inclined to believe the claim of responsibility
if Apache was giving a 'last-modified' tag earlier than that date. By
the posting date it was already public knowledge.

Mike

----- Original Message -----
From: "Michal Nazarewicz" <m.nazarewicz () dkgroup com pl>
To: "'Michael J. Cannon'" <mcannon () ubiquicomm com>;
<incidents () securityfocus com>
Sent: Friday, August 24, 2001 1:42 AM
Subject: RE: Code Red - A Possible Origin?


Tongue VERY firmly in cheek here, gang.  Let's not mistake a group's target
of opportunity for the real thing.  But it's interesting that someone would
have the balls to claim responsibility, no matter how indirectly.

...let's also add that there is a message written in black on black
background which says:

red worm denial-of-service dos code welcome to http://www.worm.com! Hacked by Chinese - xo ha



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
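
The timeline check described in the message above, as an added example that is not part of the original post: it parses the quoted response headers, converts Last-Modified to the server's assumed local zone, and compares it with the advisory date. The function names are hypothetical; the -4 hour offset and the 17 July disclosure date are taken from the message as stated there.

```python
from datetime import date, timedelta, timezone
from email.utils import parsedate_to_datetime

# Response headers as quoted in the message above.
RAW_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Fri, 24 Aug 2001 19:47:42 GMT\r\n"
    "Server: Apache\r\n"
    "Last-Modified: Fri, 20 Jul 2001 01:52:42 GMT\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Map lower-cased header names to values from a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def last_modified_local(raw, utc_offset_hours):
    """Last-Modified in the assumed server-local zone, or None if unusable."""
    value = parse_headers(raw).get("last-modified")
    if value is None:
        return None
    try:
        stamp = parsedate_to_datetime(value)
    except (TypeError, ValueError):              # malformed date string
        return None
    if stamp.tzinfo is None:                     # HTTP dates are GMT by definition
        stamp = stamp.replace(tzinfo=timezone.utc)
    return stamp.astimezone(timezone(timedelta(hours=utc_offset_hours)))

def days_after_disclosure(raw, disclosure, utc_offset_hours):
    """Days between disclosure and the reported modification date.

    Negative means the document claims to predate the disclosure. The header
    only reflects what the server reports, so it is supporting evidence,
    not proof of when the content was written.
    """
    local = last_modified_local(raw, utc_offset_hours)
    return None if local is None else (local.date() - disclosure).days

if __name__ == "__main__":
    print(last_modified_local(RAW_RESPONSE, -4))
    print(days_after_disclosure(RAW_RESPONSE, date(2001, 7, 17), -4))
```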



