Re: Full analysis of the .ida "Code Red" worm.
From: Laurence Hand (lhand@co.la.ca.us)Date: 07/20/01
- Previous message: Bear Giles: ""Code Red" also affecting Linksys cable modem router/firewalls?"
- In reply to: Marc Maiffret: "Full analysis of the .ida "Code Red" worm."
- Next in thread: Ryan Russell: "Re: Full analysis of the .ida "Code Red" worm."
- Reply: Ryan Russell: "Re: Full analysis of the .ida "Code Red" worm."
- Reply: Pierre Vandevenne: "Re: Full analysis of the .ida "Code Red" worm."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <3B5770C8.4856618D@co.la.ca.us> Date: Thu, 19 Jul 2001 16:44:08 -0700 From: Laurence Hand <lhand@co.la.ca.us> To: Marc Maiffret <marc@eeye.com> Subject: Re: Full analysis of the .ida "Code Red" worm.
Did anyone else see that one of Microsoft's windowsupdate.microsoft.com
servers got bit by this worm? It went away when we refreshed the screen
and presumably rolled over to another server, but it is definitely on at
least one of their servers.
I know MS watches this list, so I hope they will be checking their
servers before this starts the DDOS tomorrow.
Marc Maiffret wrote:
>
> The following is a detailed analysis of the "Code Red" .ida worm that we
> reported on July 17th 2001.
>
<snip>
- Previous message: Bear Giles: ""Code Red" also affecting Linksys cable modem router/firewalls?"
- In reply to: Marc Maiffret: "Full analysis of the .ida "Code Red" worm."
- Next in thread: Ryan Russell: "Re: Full analysis of the .ida "Code Red" worm."
- Reply: Ryan Russell: "Re: Full analysis of the .ida "Code Red" worm."
- Reply: Pierre Vandevenne: "Re: Full analysis of the .ida "Code Red" worm."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
