[Dshieldannounce] Code Red Vers. 1 sightings. (fwd)
Johannes B. Ullrich
jullrich at euclidian.com
Tue Oct 9 14:56:40 UTC 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
After CodeRed shut itself off on Oct. 1st, the door is open again for CRI
to spread. We did already receive a few sightings. However, as there was
almost a week of quiet time, it would be interesting to get the first one.
Please check your web logs and see if they include the typical
signature... here is a sample:
4.18.227.20 - - [07/Oct/2001:10:39:55 -0400] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0" 400 326
Please only send the earliest few samples you have in your logs from
October. Just send them to me directly (jullrich at dshield.org).
Thanks!
- --
- -------
jullrich at sans.org Join http://www.DShield.org
Distributed Intrusion Detection System
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7ww/jVOIizK5pIDMRAq9TAKCIXm2E20Lk5CAnpLvOdqC7VuPnnQCeM2N7
Ea9MCs5lPMtJRbC7dXiNySk=
=34BL
-----END PGP SIGNATURE-----
More information about the Dshieldannounce
mailing list