Code Red and August 1st

From: Russ (Russ.Cooper@RC.ON.CA)
Date: 07/30/01 

Message-ID:  <E9A01F52DC939448BBDE44ED2E1C468F167B3C@muskie.rc.on.ca>
Date:         Sun, 29 Jul 2001 18:57:29 -0400
From: Russ <Russ.Cooper@RC.ON.CA>
Subject:      Code Red and August 1st
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

-----BEGIN PGP SIGNED MESSAGE-----

I just wanted to correct a statement I've made to several media
outlets regarding whether or not Code Red will begin again on August
1st. Tests we conducted confirm that it will not. This is in contrast
to what I've been stating publicly. The program was obviously
designed to restart each month, what with its day-of-the-month
checking routine limiting itself to 1-28 (days which will always be
in a month). When it goes dormant after the 27th it does not come
back.

I'm certainly not the first to figure this out, but I wanted to put
it on the record that I was wrong in my belief that it would restart.

This only applies to the original Code Red, we have not tested v2 or
any other variants which may exist.

This doesn't alter my prediction that we're going to experience a
'net meltdown on the 1st or 2nd, I believe far too many machines are
vulnerable still and will likely be re-infected.

I wonder how effectively the ISPs of the world can disconnect
300,000+ IP addresses? Guess we'll see.

Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.2

iQCVAwUBO2SU2RBh2Kw/l7p5AQEVSgQAg0wqFfTMGzn4z110pvtLSe8BRA/SNmrb
6v6BKXDM5ZGrxCfsdETsKJZhYw+1T6n6UnsuR0T6hUKG0+XcSsoqCJJ/v6Hsbj56
mgNNpEu6/HWXsskwyrc9GX2o73GgTnzsKcvJg6Ip1FvDp6DExh3BlT0pbNBTfvBn
JYF1HTRG8e4=
=sj32
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
Delivery co-sponsored by Trend Micro
============================================================================
TREND MICRO REAL-TIME VIRUS ALERTS
If you would like to know about a virus outbreak before CNN and ZDNet get
Trend Micro Virus Info Feed FREE. Simply copy and paste a small piece of
code to give your visitors a real-time top 10 list and the latest virus
advisories. Setup takes just 10 minutes and requires no server-side code on
your Web site. All content is updated automatically from Trend Micro's Web
site.
http://www.antivirus.com/banners/tracking.asp?si=8&bi=237&ul=/syndication/
vinfo/
----------------------------------------------------------------------------

Relevant Pages

  • Alert: New version of Code Red, XXXX
    ... Subject: Alert: New version of Code Red, ... Delivery co-sponsored by Trend Micro ... TREND MICRO REAL-TIME VIRUS ALERTS ... your Web site. ...
    (NT-Bugtraq)
  • Re: Word 2003 Global template and "Running Virus Scan
    ... I will do some research on the Symantec web site. ... file in the global templates window. ... in the global templates window and the "Running Virus Scan" that is ... not related to Anti Virus program. ...
    (microsoft.public.word.docmanagement)
  • Re: Remote DoS attack against SSH Secure Shell for Windows Servers Vulnerability
    ... socket handles in an FD_SET structure are ... It's a fair bit more code, but very much worth it. ... Delivery co-sponsored by Trend Micro ... TREND MICRO REAL-TIME VIRUS ALERTS ...
    (NT-Bugtraq)
  • Email from Microsoft ?
    ... My virus scanner detected your attached files as ... I have visited the link on your web site and the file name ... - A vulnerability that could allow an unauthorized user to ... For more information about these issues, read Microsoft ...
    (microsoft.public.security)
  • Re: NT 4.0 Security Roll-up and the issue of hotfixes
    ... The list of "25 patches above and beyond the SRP" is not really 25, ... three packages, installing the SRP, following 6 workarounds, and applying 3 ... Delivery co-sponsored by Trend Micro ... TREND MICRO REAL-TIME VIRUS ALERTS ...
    (NT-Bugtraq)