Security Incidents mailing list archives
Re: What the *** is this
From: Justin Shore <macdaddy () neo pittstate edu>
Date: Fri, 10 Aug 2001 15:15:29 -0500
On 8/10/01 1:02 PM Steve Halligan said...
Check this out. Is this media nonsense, or is there really something to it? http://news.cnet.com/news/0-1003-200-6835996.html
Until that can be confirmed by actual hard fact (read: code), I'd not plan on an all-nighter with your firewall. The other "CodeRed III" reports so far have sounded more like media misinterpretation of certain anti-virus makers reporting on CodeRed II, where they called it "CodeRed.v3" or "CodeRed III". It's quite possible that there is another variant but it hasn't been proven yet. It's also distinctly possible that the kiddies are taking advantage of the hype created by CodeRed to send their own destructive payloads (maybe forece the IIS machine to download and install NetBus or BO). Maybe this isn't CodeRed but something else instead that uses root.exe to format the machine's drive. Take your pick of the litter but wait for proof before changing your weekend plans. Justin -- Justin Shore, ES-SS ES-SSR Pittsburg State University Network & Systems Manager Kelce 157Q Office of Information Systems Pittsburg, KS 66762 Voice: (620) 235-4606 Fax: (620) 235-4545 http://www.pittstate.edu/ois/ Warning: This message has been quadruple Rot13'ed for your protection. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- What the *** is this Steve Halligan (Aug 10)
- Re: What the *** is this Ryan Russell (Aug 10)
- Re: What the *** is this Nick FitzGerald (Aug 10)
- Re: What the *** is this dmuz (Aug 10)
- <Possible follow-ups>
- Re: What the *** is this Justin Shore (Aug 12)