Security Incidents mailing list archives
Re: A new Code Red variant
From: Scott Wunsch <bugtraq () tracking wunsch org>
Date: Wed, 1 Aug 2001 13:15:35 -0600
On Wed, 01-Aug-2001 at 20:03:05 +0200, Andrew Cardwell wrote:
Interestingly when I view this page my virus checker (Norton) says that the backdoor sadmind.dr is included in the temporary files downloaded when I viewed the webpage (IE). Scott - you may want to check your mirror.
It's plain old HTML. It sounds like several anti-virus packages out there have included a signature for the *HTML defacement page* produced by the sadmind worm. It's interesting behaviour on the part of the anti-virus companies, but the page itself should be harmless.
On Wed, 01-Aug-2001 at 20:07:38 +0200, Andrew Cardwell wrote:
Some further information... do you have a Solaris box at http://www.wunsch.org/?
Nope.
--
Take care,
Scott \\'unsch
... What a nice night for an evening!