Bugtraq mailing list archives

Re: Full analysis of the .ida "Code Red" worm.


From: "Pierre Vandevenne" <pierre () datarescue com>
Date: Fri, 20 Jul 2001 04:08:06 +0200

On Thu, 19 Jul 2001 16:44:08 -0700, Laurence Hand wrote:

> Did anyone else see that one of Microsoft's windowsupdate.microsoft.com
> servers got bit by this worm? It went away when we refreshed the screen
> and presumably rolled over to another server, but it is definitely on at
> least one of their servers.

Confirmed. Here's a "souvenir":

http://www.datarescue.com/fprot/virinfo/hackedbychinese.gif

This DOES raise some pretty fundamental questions about the security of
all the infrastructure, because, in theory, the compromised servers
_could_ have been exploited more extensively and _could_ be delivering
nastily compromised stuff around. I have no reason to believe it has
happened, but still...


---
Pierre Vandevenne - DataRescue : home of the IDA Pro Disassembler  
Advanced tools for the IT Security Industry. www.datarescue.com/idabase/
SM CF and MS Picture Recovery Software www.datarescue.com/photorescue/






