Security Incidents mailing list archives

CodeRedII worm..


From: Valdis.Kletnieks () vt edu
Date: Sun, 05 Aug 2001 04:38:55 -0400

(Sorry for the cross-posting)

Given that initial analysis of the CodeRedII worm indicates that it leaves
a backdoor lying around, I hereby request that those people who made
lists of infected hosts available last time *NOT* do so again.

Although said lists *were* helpful in the analysis and study of the worm's
tactics, the benefits are certainly outweighed by the fact that the new
worm creates a known backdoor.  I'm certain that both the CodeRedII author
and other black hats would love for us to compile a list of afflicted hosts
for them to use.

So please everybody - if you're sending IPs in to be added to a table,
make sure you're sending them to a white hat, not to a black hat who's
managed to social-engineer you.  If you're a white hat compiling a list,
make sure the guy's hat is at least a light grey before you give them
a copy. ;)

                                Valdis Kletnieks
                                Operating Systems Analyst
                                Virginia Tech

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

