Re: Full analysis of the .ida "Code Red" worm.
From: Pierre Vandevenne (pierre@datarescue.com)
Date: 07/20/01
- Previous message: Darrell Hyde: "RE: Microsoft IIS problems (Current)"
- In reply to: Laurence Hand: "Re: Full analysis of the .ida "Code Red" worm."
- Next in thread: JNJ: "Re: Full analysis of the .ida "Code Red" worm."
- Reply: JNJ: "Re: Full analysis of the .ida "Code Red" worm."
From: "Pierre Vandevenne" <pierre@datarescue.com>
To: "Laurence Hand" <lhand@co.la.ca.us>, "Marc Maiffret" <marc@eeye.com>
Date: Fri, 20 Jul 2001 04:08:06 +0200
Subject: Re: Full analysis of the .ida "Code Red" worm.
Message-ID: <99559213401@datarescue.be>
On Thu, 19 Jul 2001 16:44:08 -0700, Laurence Hand wrote:
>Did anyone else see that one of Microsoft's windowsupdate.microsoft.com
>servers got bit by this worm? It went away when we refreshed the screen
>and presumably rolled over to another server, but it is definitely on at
>least one of their servers.
Confirmed. Here's a "souvenir"
http://www.datarescue.com/fprot/virinfo/hackedbychinese.gif
This DOES raise some pretty fundamental questions about the security of
all the infrastructure, because, in theory the compromised servers
_could_ have been exploited more extensively and _could_ be delivering
nastily compromised stuff around. I have no reason to believe it has
happened, but still...
---
Pierre Vandevenne - DataRescue : home of the IDA Pro Disassembler
Advanced tools for the IT Security Industry. www.datarescue.com/idabase/
SM CF and MS Picture Recovery Software www.datarescue.com/photorescue/