[Dshield] You have to check this out..............

Johannes B. Ullrich jullrich at euclidian.com
Fri Aug 10 14:27:16 GMT 2001

> MICROSOFT ... confirmed Wednesday that some computers running Hotmail
> the software giant's free e-mail service - were infected by one of
> the worms.

Yes. We told them ;-)... I think we actually got more than just two
hotmail machines in our logs. (The article says that only two got
infected.). As it's public knowledge anyway, here the reply we got from
Hotmail: (I removed the HTML tags)...


From: "Policy Enforcement" <enforce_policy at hotmail.com>
Subject: DShield Fightback regarding
Date: Thu, 9 Aug 2001 12:04:43 -0700

Thanks for your message to MSN Hotmail.

There were a few machines that were affected by the 'code red' worm
virus and promptly removed from the environment.

At no time was any customer data compromised and all users should still
be able to access the Hotmail service in a secure fashion.

We appreciate you taking the time to forward this information to us and
we apologize for the inconvenience.


MSN Hotmail Policy Enforcement


I wonder how they came to the conclusion that no customer data was
compromissed. They got hit by CR II, which installs a back door.

jullrich at sans.org                    Join http://www.DShield.org
                                     Distributed Intrusion Detection System

More information about the list mailing list