[Dshield] RE: fighting back against CodeRed

John Groseclose iain at caradoc.org
Wed Aug 8 03:13:22 GMT 2001

At this point, I'd be happy to run a CGI that grabs the IP address of 
the infected machine, and sends an e-mail to abuse at domain.TLD 
reporting the attempt.

If they get a few thousand e-mails about it, maybe they'll be more 
likely to *ACT* on the reports instead of ignoring them for days on 

I cannot condone a counter-worm. These "administrators" need to learn 
that there's more to being an "administrator" than simply being able 
to double-click on "Install" for a Microsoft product.

I'm willing to bet that a lot of the infected IIS machines' owners 
don't even know that IIS was installed and activated BY DEFAULT.

At least one of the machines that attempted to connect to me to pass 
Code Red had pages showing that the guy was an MCSE... I e-mailed him 
about it, and the pages have since vanished, but he never replied.
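
The reporting idea from the start of this message, sketched as an added example that is not part of the original post: it works from web server access-log lines rather than a live CGI, and builds one abuse report per source address. The `/default.ida?` request path is the well-known Code Red probe; the log lines, reverse-DNS table, reporter address and the "last two labels" rule for finding the abuse mailbox are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from email.message import EmailMessage

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

def codered_sources(lines):
    """Map source IP -> timestamps of GET requests for /default.ida."""
    hits = defaultdict(list)
    for line in lines:
        m = CLF.match(line)
        if m and m.group(3) == "GET" and m.group(4).lower().startswith("/default.ida?"):
            hits[m.group(1)].append(m.group(2))
    return dict(hits)

def abuse_address(hostname):
    """Assumption: abuse@ the last two labels of the reverse-DNS name
    (wrong for suffixes such as co.uk; a real tool needs a suffix list)."""
    labels = hostname.rstrip(".").split(".")
    return "abuse@" + ".".join(labels[-2:])

def build_report(ip, hostname, times, reporter):
    """Draft one message per infected host, listing every probe seen."""
    msg = EmailMessage()
    msg["From"] = reporter
    msg["To"] = abuse_address(hostname)
    msg["Subject"] = f"Code Red probe from {ip}"
    body = [f"{ip} ({hostname}) requested /default.ida on our web server.",
            f"Requests seen: {len(times)}", ""]
    body += [f"  {t}" for t in times]
    msg.set_content("\n".join(body))
    return msg

# Constructed sample log lines (documentation address ranges, not real hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Aug/2001:03:01:11 +0000] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 205',
    '198.51.100.7 - - [08/Aug/2001:03:02:40 +0000] "GET /index.html HTTP/1.0" 200 1024',
    '192.0.2.10 - - [08/Aug/2001:03:05:59 +0000] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 205',
]
# Constructed reverse-DNS results; a live script would call socket.gethostbyaddr().
SAMPLE_PTR = {"192.0.2.10": "host10.dialup.example.net"}

def reports(lines, ptr, reporter="webmaster@example.org"):
    """Build reports only for sources whose reverse DNS is known."""
    return [build_report(ip, ptr[ip], t, reporter)
            for ip, t in codered_sources(lines).items() if ip in ptr]

if __name__ == "__main__":
    for r in reports(SAMPLE_LOG, SAMPLE_PTR):
        print(r)
```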
