Security Incidents mailing list archives

Re: CodeRed


From: Ryan Russell <ryan () securityfocus com>
Date: Fri, 20 Jul 2001 00:57:50 -0600 (MDT)

On Thu, 19 Jul 2001, Dragos Ruiu wrote:

> I'm surprised no-one has suggested to build the
> rapid response counter worm yet... :-)


The discussion has started on Bugtraq.

Taking out this exact worm wouldn't be hard.  Change 1-2 bytes to change
the check for file existence call to a create file call.  Perhaps change
the day of the month to the 25th.  Maybe set the DDoS victim IP to
127.0.0.1, or some volunteer address so the worms can call home.

> P.s. please note that I do not express an opinion about whether
> this is a good idea or not.... :-)

It's not.

                                        Ryan



----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com

