Bugtraq mailing list archives
Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm.
From: "Nick FitzGerald" <nick () virus-l demon co uk>
Date: Fri, 20 Jul 2001 17:26:33 +1200
Vern Paxson <vern () ee lbl gov> wrote:
Date: Thu, 19 Jul 2001 17:35:48 PDTIt appears that the worm is at this time somewhat containedA colleague has pointed out that this may be because it's now already reached all of the easily-reachable, infectable servers.
Note your posting time and assuming the TZ is correct... No -- it is "constrained" because it has reached the *UTC date* (not time as initially reported) when it is programmed to switch from "spread like crazy" mode to "DoS one of the IPs that was part of www.whitehouse.gov" mode. In about ten days it will flick back to the "spread like crazy" mode. Regards, Nick FitzGerald
Current thread:
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Vern Paxson (Jul 19)
- <Possible follow-ups>
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Vern Paxson (Jul 19)
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Vern Paxson (Jul 19)
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Nick FitzGerald (Jul 19)
- Oracle Vulnerability Discovered in OID Aaron C. Newman (Jul 20)
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Jerome Alet (Jul 20)
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Nick FitzGerald (Jul 19)
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Vern Paxson (Jul 19)
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Tony Langdon (Jul 19)
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Vern Paxson (Jul 20)