[Dshield] Is it a new Code Red strain?

miroslaws@home.com miroslaws at home.com
Thu Aug 30 20:16:37 GMT 2001

Hello Everybody,

I have noticed in my logs a new type of signature:

- - [28/Aug/2001:08:41:53 -0700]
b%u53ff%u0078%u0000%u00=a HTTP/1.1" 400 -

The difference between the well-known Code Red (C-R) and this type of signature
is the lack of the "GET default.ida?" segment exploiting the ".ida" vulnerability.

I believe it could be a new strain of the C-R worm. I wonder how it would affect
already C-R-infected computers if it hit them.

Best Regards
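
An added example, not part of the original post: one way to separate the two log signatures compared above (the known form containing "default.ida?" and the fragment without it) so that each can be counted per log file. The first sample line is the post's entry joined onto one line, which is an assumption about how it was wrapped; the other two lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# %uXXXX is the Unicode escape form visible in the request tail on this page.
U_ESCAPE = re.compile(r"%u[0-9a-fA-F]{4}")
TIMESTAMP = re.compile(r"\[([^\]]+)\]")
# Status code follows the closing quote of the request field.
STATUS = re.compile(r'"\s+(\d{3})\s+\S+\s*$')

def classify(line):
    """Return (label, timestamp, status) for one access-log line.

    The whole line is searched instead of being parsed as strict Common
    Log Format, because the fragment entries can lack a method, a path
    or even the opening quote of the request field.
    """
    ts = TIMESTAMP.search(line)
    st = STATUS.search(line)
    if "default.ida?" in line.lower():
        label = "code-red-ida"        # known signature with the .ida request
    elif len(U_ESCAPE.findall(line)) >= 2:
        label = "u-escape-fragment"   # %u run without the default.ida? segment
    else:
        label = "other"
    return (label,
            ts.group(1) if ts else None,
            int(st.group(1)) if st else None)

def summarize(lines):
    """Count log lines per label."""
    return Counter(classify(l)[0] for l in lines)

SAMPLE = [
    # From the post, joined onto one line (assumed wrapping).
    '- - [28/Aug/2001:08:41:53 -0700] b%u53ff%u0078%u0000%u00=a HTTP/1.1" 400 -',
    # Constructed: shortened request carrying the default.ida? segment.
    '192.0.2.10 - - [28/Aug/2001:08:40:02 -0700] '
    '"GET /default.ida?NNNNNNNN%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 284',
    # Constructed: ordinary request.
    '192.0.2.11 - - [28/Aug/2001:08:42:10 -0700] "GET /index.html HTTP/1.0" 200 1043',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
    print(dict(summarize(SAMPLE)))
```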

