[Dshield] Is it a new Code Red strain?
miroslaws at home.com
Thu Aug 30 20:16:37 GMT 2001
I have noticed in my logs a new type of signatures:
188.8.131.52 - - [28/Aug/2001:08:41:53 -0700]
b%u53ff%u0078%u0000%u00=a HTTP/1.1" 400 -
The difference between well known Code Red (C-R) and this type of signature
is the lack of "GET default.ida?" segment exploiting ".ida" vulnerability.
I believe it could be a new strain of C-R worm. I wonder how it affect if it
hit an already C-R infected computers.
More information about the list