[Dshieldannounce] Code Red Vers. 1 sightings. (fwd)

Johannes B. Ullrich jullrich at euclidian.com
Tue Oct 9 14:56:40 UTC 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


After CodeRed shut itself off on Oct. 1st, the door is open again for CRI
to spread. We did already receive a few sightings. However, as there was
almost a week of quiet time, it would be interesting to get the first one.

Please check your web logs and see if they include the typical
signature... here is a sample:

4.18.227.20 - - [07/Oct/2001:10:39:55 -0400] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0" 400 326

Please only send the earliest few samples you have in your logs from
October. Just send them to me directly (jullrich at dshield.org).

 Thanks!

- --
- -------
jullrich at sans.org                    Join http://www.DShield.org
                                     Distributed Intrusion Detection System

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7ww/jVOIizK5pIDMRAq9TAKCIXm2E20Lk5CAnpLvOdqC7VuPnnQCeM2N7
Ea9MCs5lPMtJRbC7dXiNySk=
=34BL
-----END PGP SIGNATURE-----





More information about the Dshieldannounce mailing list