[Dshield] Intelligent Code Red - 45 seconds to infect and deploy

Dalantech john at dalantech.com
Thu Aug 2 19:52:17 GMT 2001


With all the parties concerned: May I post your email in the news at
www.dalantech.com ?

Sincerely,

John (aka Dalantech)

-----Original Message-----
From: dshield-admin at dshield.org [mailto:dshield-admin at dshield.org] On Behalf Of Thompson, John J
Sent: Thursday, August 02, 2001 8:53 PM
To: 'dshield at dshield.org'; 'incidents at securityfocus.com'
Subject: [Dshield] Intelligent Code Red - 45 seconds to infect and deploy


Rapid infection, rapid deployment. All in 45 seconds.

I just finished a clean install of Windows 2000 for our website. I had
enabled IP filtering blocking all but 137-139, and 80. Then I needed to get
to my file server to download BlackICE and the patch for Code Red. That
file copy took no more than 45 seconds. I then installed BlackICE and the
patch. Before I restarted, I opened BlackICE to set the advanced filters.
In less than 20 seconds, my machine was attacking 9 hosts before I could
pull the plug.

****
My machine was attacked, infected, and then was attacking others during less
than a minute of connection to the network. Amazingly, this machine was the
only one attacked. My 5 other win2k servers and active web server didn't
flag a single attack. How is Code Red finding the vulnerable system without
touching other systems on the same network and infecting it and deploying
itself within 45 seconds???
****

Amazing.

John

------------------------------------
John Thompson
Network Administrator
Dept. of Biochemistry
University of Iowa

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www1.dshield.org/mailman/listinfo/dshield
