Re: What the *** is this

From: dmuz (dmuz@angrypacket.com)
Date: 08/10/01


Message-ID: <008d01c121d9$5eca9880$1a090a0a@cnet.com>
From: "dmuz" <dmuz@angrypacket.com>
To: "Steve Halligan" <agent33@geeksquad.com>, "Incidents (E-mail)" <INCIDENTS@SECURITYFOCUS.COM>
Subject: Re: What the *** is this
Date: Fri, 10 Aug 2001 13:16:42 -0700


"What we have here is failure to communicate..."

I think that the issue here is the various nomenclatures that have been
given to Code Red. Here are the versions as I understand it, with names
that I have seen each called. You'll notice the discrepancies:

Code Red == Code Red I == CRvI (original)
Code Red I version 2 == Code Red II == CRv2 (no backdoor, same codebase
as first)
Code Red II == Code Red III == CRvIII (leaves the backdoors)

The first column is what I have been using. To bad this was not
standardized somehow, because it has caused a fair amount of confusion.

So I believe the article is referring to what I call Code Red II.

dmuz

----- Original Message -----
From: Steve Halligan <agent33@geeksquad.com>
To: Incidents (E-mail) <INCIDENTS@SECURITYFOCUS.COM>
Sent: Friday, August 10, 2001 11:02 AM
Subject: What the *** is this

Check this out. Is this media nonsense, or is there really something to
it?

http://news.cnet.com/news/0-1003-200-6835996.html

-Steve

------------------------------------------------------------------------

----
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com



Relevant Pages

  • RE: Malicious web sites
    ... > This list is provided by the SecurityFocus ARIS analyzer service. ... > For more information on this free incident handling, management ... > and tracking system please see: http://aris.securityfocus.com ...
    (Incidents)
  • Re: [incident] IIS defacement through FTP, possible DoS
    ... > This list is provided by the SecurityFocus ARIS analyzer service. ... > For more information on this free incident handling, management ... > and tracking system please see: http://aris.securityfocus.com ...
    (Incidents)
  • RE: Distributed ICMP/UDP scan or attack?
    ... This list is provided by the SecurityFocus ARIS analyzer service. ... and tracking system please see: http://aris.securityfocus.com ... For more information on this free incident handling, management ...
    (Incidents)
  • Re: strange attacks - flood udp packets from 1030 to msql
    ... > This list is provided by the SecurityFocus ARIS analyzer service. ... For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ...
    (Incidents)
  • RE: Can anyone identify this backdoor?
    ... > and tracking system please see: http://aris.securityfocus.com ... This list is provided by the SecurityFocus ARIS analyzer service. ... For more information on this free incident handling, management ...
    (Incidents)