[Dshield] A php3/4 script for grabbing the details from a Cod eRed page call.
tonym at nlisc.com
Wed Aug 8 21:51:56 GMT 2001
But the worm IS the server at that point, really...
I've written a test utility that can be used to test a system remotely to
see if it has the backdoor installed. However, I find that many of the
sites that are hitting me still don't actually have the backdoor running
_yet_ because they haven't hit the 24 hour reboot. It's normally only
machines that are in yesterday's logs that have the open door. And even at
that I find only about 50% of the day-old machines actually have the back
door open - I assume those machines have been patched or are so overloaded
as to not respond.
More information about the list