[unisog] Code Red(s) being confused with sadmind/IIS worm?
Paul L Schmehl
pauls at utdallas.edu
Thu Aug 9 23:25:08 GMT 2001
--On Thursday, August 09, 2001 5:09 PM -0400 "Stephen W. Thompson"
<thompson at pobox.upenn.edu> wrote:
> If I'm correct, that implies a) sadmind/IIS is more prevalent than
> we'd realized and, possibly b) that there might be a variant of
> sadmind/IIS that succeeds on non-Solaris machines unlike the original
> variant. Any corroboration on (b) from anyone?
The "signature" of Poisonworm is pretty obvious, and if we were seeing it,
our IDS would be alerting on it. I haven't seen much of it for a while.
It seems to have died off a short while after Code Red A became active.
> En paz,
> Steve, (tired) security analyst
Yeah, no kidding.
Paul L. Schmehl, pauls at utdallas.edu
Supervisor, Support Services
The University of Texas at Dallas
AVIEN Founding Member