New version of Code Red?

• Previous message: The Death: "RE: CRv2 - Questions"
• Next in thread: Jim Forster: "Re: New version of Code Red?"
• Reply: Jim Forster: "Re: New version of Code Red?"
• Reply: Nick Lehman: "RE: New version of Code Red?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Message-Id: <F3A2C19FF6AAD41180D900508BD90A949ACFEF@hermes.wairc.govt.nz>
From: Dean Cunningham <Dean.Cunningham@ew.govt.nz>
To: "'incidents@securityfocus.com'" <incidents@securityfocus.com>
Subject: New version of Code Red?
Date: Wed, 25 Jul 2001 10:02:25 +1200

A FYI, I have yet to see anything in my logs.

cheers
Dean

-----Original Message-----
From: MVick@mail.uttyl.edu [mailto:MVick@mail.uttyl.edu]
Sent: Wednesday, 25 July 2001 8:44 AM
To: NT System Admin Issues
Subject: New version of Code Red?

Computer at 172.158.225.228 does the 80 GET /x.ida, followed by AAA...
instead of NNN...
Then comes back 25 minutes later with 80 GET /iisstart.asp and 80 GET
/pagerror.gif

2001-07-23 11:05:32 172.158.255.228 - xxx.xxx.xxx.xxx 80 GET /x.ida
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=X

200 -

2001-07-23 11:30:06 172.158.255.228 - xxx.xxx.xxx.xxx 80 GET /iisstart.asp
- 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+98;+Win+9x+4.90)

2001-07-23 11:30:08 172.158.255.228 - xxx.xxx.xxx.xxx 80 GET /pagerror.gif
- 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+98;+Win+9x+4.90)

And nslookup reports....

C:\>nslookup 172.158.255.228
Server: xxxx.xxxxx.xxx
Address: xxx.xxx.xxx.xxx

Name: AC9EFFE4.ipt.aol.com
Address: 172.158.255.228

Michael Vick

***************************************************
This e-mail is not an official statement of the
Waikato Regional Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***************************************************

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

• Previous message: The Death: "RE: CRv2 - Questions"
• Next in thread: Jim Forster: "Re: New version of Code Red?"
• Reply: Jim Forster: "Re: New version of Code Red?"
• Reply: Nick Lehman: "RE: New version of Code Red?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: [CERT] Re: Compromised FBSD/Apache ... >>>This list is provided by the SecurityFocus ARIS analyzer service. ... >>>For more information on this free incident handling, management ... (Incidents) RE: Anyone????? FW: Concept Virus(CV) V.5 - Quick analysis update ... >>> This list is provided by the SecurityFocus ARIS analyzer service. ... >>> For more information on this free incident handling, management ... (Incidents) RE: Compromised FBSD/Apache ... >>>This list is provided by the SecurityFocus ARIS analyzer service. ... >>>For more information on this free incident handling, management ... (Incidents) Re: Strange web request ... >> This list is provided by the SecurityFocus ARIS analyzer service. ... >> For more information on this free incident handling, management ... (Incidents) Re: Rooted, .haos on system ... > This list is provided by the SecurityFocus ARIS analyzer service. ... > For more information on this free incident handling, management ... (Incidents)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint