[Dshield] Code Red anyone?

Nels Bels nelsbels at cableone.net
Mon Jan 26 22:43:15 GMT 2004


I'm running Wormcatcher on a honeypot machine and I am still getting Code Red
hits. My IDS is still logging these as codered as well.

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf Of Pete Cap
Sent: Monday, January 26, 2004 12:14 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Code Red anyone?


Tim,
 
I dunno if anyone replied to you about this one yet.
 
I have heard some rumors about Code Red II circulating again.  After reading
some of the technical reports on the worm I was under the impression that it
was supposed to suicide after 2001.  Symantec discovered a new variant in
March of '03...but aside from unpatched legacy machines without current AV
signatures, would there really be enough of a "niche" to account for the
amount of traffic out there?  An interesting problem...
 
Have you got any logs of the worm attempting to spread to you?
 
Regards,
 
Pete

