Bugtraq mailing list archives

Re: Full analysis of the .ida "Code Red" worm.

From: Laurence Hand <lhand () co la ca us>
Date: Thu, 19 Jul 2001 16:44:08 -0700

Did anyone else see that one of Microsoft's windowsupdate.microsoft.com
servers got bit by this worm? It went away when we refreshed the screen
and presumably rolled over to another server, but it is definitely on at
least one of their servers.

I know MS watches this list, so I hope they will be checking their
servers before this starts the DDOS tomorrow.

Marc Maiffret wrote:


The following is a detailed analysis of the "Code Red" .ida worm that we
reported on July 17th 2001.

<snip>

Current thread:

Full analysis of the .ida "Code Red" worm. Marc Maiffret (Jul 18)
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Joe Harris (Jul 19)
- Re: Full analysis of the .ida "Code Red" worm. Laurence Hand (Jul 19)
  - Re: Full analysis of the .ida "Code Red" worm. Ryan Russell (Jul 19)
    - RE: Full analysis of the .ida "Code Red" worm. Marc Maiffret (Jul 19)
    - RE: Full analysis of the .ida "Code Red" worm. Eric Chien (Jul 20)
  - Re: Full analysis of the .ida "Code Red" worm. Pierre Vandevenne (Jul 19)
    - Re: Full analysis of the .ida "Code Red" worm. JNJ (Jul 20)
    - Timely Patching (was: Full analysis of the .ida "Code Red" worm.) Crispin Cowan (Jul 23)
- Mitigating some of the effects of the Code Red worm LARD BENJAMIN LEE (Jul 19)
  - Re: Mitigating some of the effects of the Code Red worm Vincas Ciziunas (Jul 19)
  - Re: Mitigating some of the effects of the Code Red worm Johannes B. Ullrich (Jul 19)
  - Re: Mitigating some of the effects of the Code Red worm Ryan Russell (Jul 20)

(Thread continues...)