[Dshield] Intelligent Code Red - 45 seconds to infect and deploy
john at dalantech.com
Thu Aug 2 19:52:17 GMT 2001
With all the parties concerned: May I post your email in the news at
John (aka Dalantech)
From: dshield-admin at dshield.org [mailto:dshield-admin at dshield.org] On Behalf Of Thompson, John J
Sent: Thursday, August 02, 2001 8:53 PM
To: 'dshield at dshield.org'; 'incidents at securityfocus.com'
Subject: [Dshield] Intelligent Code Red - 45 seconds to infect and
Rapid infection, rapid deployment. All in 45 seconds.

I just finished a clean install of Windows 2000 for our website. I had
enabled IP filtering blocking all but 137-139, and 80. Then I needed to get
to my file server to download BlackICE and the patch for Code Red. That
file copy took no more than 45 seconds. I then installed BlackICE and the
patch. Before I restarted, I opened BlackICE to set the advanced filters.
In less than 20 seconds, my machine was attacking 9 hosts before I could
pull the plug.

My machine was attacked, infected, and then was attacking others during less
than a minute of connection to the network. Amazingly, this machine was the
only one attacked. My 5 other win2k servers and active web server didn't
flag a single attack. How is Code Red finding the vulnerable system without
touching other systems on the same network and infecting it and deploying
itself within 45 seconds???
Dept. of Biochemistry
University of Iowa