Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


[Dshieldannounce] Code Red F
.

  • Subject: [Dshieldannounce] Code Red F
  • From: jullrich at euclidian.com (Johannes Ullrich)
  • Date: Mon May 5 14:22:59 2003
.
 
   We are tracking a new variation of our old friend Code Red.
This version appears to use the same .ida overflow as the
original Code Red. However, reports indicate that it installs
a backdoor as well.

   So far, we see approximately twice the number of sources as
we usually have this time of the month. Last month, we tracked
about 30,000 Code Red infected machines scanning from March 1st
to March 19th. So far, we see more than 50,000 systems scanning 
port 80, in addition to our continuous background of 13,000 sources.

   At this time, I am not planning on raising the infocon to yellow,
as this appears to be essentially a variation of an old threat and
it is unlikely that we will alert anybody new. I do not expect any
widespread effects on network performance.

   Please verify that all IIS servers are patched and unnecessary
file type associations are removed. Filtering port 80 is recommend
if possible.


-- 
--------------------------------------------------------------------
[EMAIL PROTECTED]             Collaborative Intrusion Detection
                                         join http://www.dshield.org
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.