Re: What the *** is this

From: dmuz (dmuz@angrypacket.com)
Date: 08/10/01

• Previous message: Nick FitzGerald: "Re: What the *** is this"
• In reply to: Steve Halligan: "What the *** is this"
• Next in thread: Justin Shore: "Re: What the *** is this"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Message-ID: <008d01c121d9$5eca9880$1a090a0a@cnet.com>
From: "dmuz" <dmuz@angrypacket.com>
To: "Steve Halligan" <agent33@geeksquad.com>, "Incidents (E-mail)" <INCIDENTS@SECURITYFOCUS.COM>
Subject: Re: What the *** is this
Date: Fri, 10 Aug 2001 13:16:42 -0700

"What we have here is failure to communicate..."

I think that the issue here is the various nomenclatures that have been
given to Code Red. Here are the versions as I understand it, with names
that I have seen each called. You'll notice the discrepancies:

Code Red == Code Red I == CRvI (original)
Code Red I version 2 == Code Red II == CRv2 (no backdoor, same codebase
as first)
Code Red II == Code Red III == CRvIII (leaves the backdoors)

The first column is what I have been using. To bad this was not
standardized somehow, because it has caused a fair amount of confusion.

So I believe the article is referring to what I call Code Red II.

dmuz

----- Original Message -----
From: Steve Halligan <agent33@geeksquad.com>
To: Incidents (E-mail) <INCIDENTS@SECURITYFOCUS.COM>
Sent: Friday, August 10, 2001 11:02 AM
Subject: What the *** is this

Check this out. Is this media nonsense, or is there really something to
it?

http://news.cnet.com/news/0-1003-200-6835996.html

-Steve

------------------------------------------------------------------------

----
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

---

• Previous message: Nick FitzGerald: "Re: What the *** is this"
• In reply to: Steve Halligan: "What the *** is this"
• Next in thread: Justin Shore: "Re: What the *** is this"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: Malicious web sites ... > This list is provided by the SecurityFocus ARIS analyzer service. ... > For more information on this free incident handling, management ... > and tracking system please see: http://aris.securityfocus.com ... (Incidents) Re: [incident] IIS defacement through FTP, possible DoS ... > This list is provided by the SecurityFocus ARIS analyzer service. ... > For more information on this free incident handling, management ... > and tracking system please see: http://aris.securityfocus.com ... (Incidents) RE: Distributed ICMP/UDP scan or attack? ... This list is provided by the SecurityFocus ARIS analyzer service. ... and tracking system please see: http://aris.securityfocus.com ... For more information on this free incident handling, management ... (Incidents) Re: strange attacks - flood udp packets from 1030 to msql ... > This list is provided by the SecurityFocus ARIS analyzer service. ... For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ... (Incidents) RE: Can anyone identify this backdoor? ... > and tracking system please see: http://aris.securityfocus.com ... This list is provided by the SecurityFocus ARIS analyzer service. ... For more information on this free incident handling, management ... (Incidents)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > incidents  > 2001-08