[Dshield] Code Red rising sharply again
seangra at yahoo.com
Tue Aug 28 20:48:28 GMT 2001
At 02:55 PM 8/28/2001 -0400, you wrote:
> > As you can see at our Code red stats at
> > http://www.security.nl/misc/codered-stats/,
> > the number of probes is rising sharply.
(shameful plug) ;)
> > Fear not! as this is most probably Codered.d
> > re-infecting machines from people living
> > under a rock or two.
>1. School is back in session. Lots of kids that did not previously
> have access to fast 'net connections, and have new PC's.
I thought school started in September...? I would also assume that savvy
universities would block incoming 21/80 port access, even before code red
came out. But even if not, IIS is installed on Servers and computers that
you explicitly install "Personal Web Server" on. I would assume that most
new PCs (well, most new PCs probably don't have 2K installed, probably have
ME), if they had 2K installed, wouldn't have Personal web server
installed. I would doubt that this would be a major cause of the uprise
again. I could be wrong.
>2. We are also seeing new scans that seem to be brute force
> login attempts on porn sites. One client at a school
> showed several machines attacking similiar sites.
> This may be a worm, it may be a program run intentionally.
> We'll find out soon...
What exactly do you mean by this? Infected CodeRed machines attacking porn
sites? How do you know that these sites are being attacked?
>Dshield mailing list
>Dshield at dshield.org
>To change your subscription options (or unsubscribe), see:
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
More information about the list