Security Incidents mailing list archives

Re: Code Red - A Possible Origin?


From: "Michael J. Cannon" <mcannon () ubiquicomm com>
Date: Fri, 24 Aug 2001 15:22:19 -0500

Saw the message in source, when I was looking at the site originally.

But couldn't this also be a red herring, placed there by the author of CR to
divert suspicion...it is, after all, easy and trivial to add that to a web
page's source.

Especially given that they are running on Linux and Apache (link here:
http://uptime.netcraft.com/up/graph/?host=www.tao.ca). Note: again,
Netcraft results to be taken as an indicator and not gospel. However, it
makes sense, since they are otherwise so down on Microsoft and seem to glory
in their 'leetness.'

Mike
----- Original Message -----
From: "Michal Nazarewicz" <m.nazarewicz () dkgroup com pl>
To: "'Michael J. Cannon'" <mcannon () ubiquicomm com>;
<incidents () securityfocus com>
Sent: Friday, August 24, 2001 2:42 AM
Subject: RE: Code Red - A Possible Origin?


Tongue VERY firmly in cheek here, gang.  Let's not mistake a group's target
of opportunity for the real thing.  But it's interesting that someone would
have the balls to claim responsibility, no matter how indirectly.

...let's also add that there is a message written in black on black
background which says:

red worm denial-of-service dos code welcome to http://www.worm.com! Hacked
by Chinese - xo ha



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com


