[Dshield] A php3/4 script for grabbing the details from a Cod eRed page call.

Tony Maro tonym at nlisc.com
Wed Aug 8 21:51:56 GMT 2001


But the worm IS the server at that point, really...

I've written a test utility that can be used to test a system remotely to
see if it has the backdoor installed.  However, I find that many of the
sites that are hitting me still don't actually have the backdoor running
_yet_ because they haven't hit the 24 hour reboot.  It's normally only
machines that are in yesterday's logs that have the open door.  And even at
that I find only about 50% of the day-old machines actually have the back
door open - I assume those machines have been patched or are so overloaded
as to not respond.



More information about the list mailing list