Security Incidents mailing list archives

RE: "Code Red" worm questions


From: "Marc Maiffret" <marc () eeye com>
Date: Wed, 18 Jul 2001 10:46:53 -0700

It has a jump location that works on all win2k sp versions (have only tested
English, but from other research we think the worm only tries to attack
English anyways). NT4 it just looks to crash it but we are not done with
testing yet.

It works very well and uses a lot of the new overflow techniques which allow
it to execute code more often than crashing IIS web servers.

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities

|-----Original Message-----
|From: w1re p4ir [mailto:w1rep4ir () disinfo net]
|Sent: Wednesday, July 18, 2001 8:44 AM
|To: incidents () securityfocus com
|Subject: "Code Red" worm questions
|
|
|I've read practically everything about this worm that has been
|released. But there are a few questions that I have. First off, I
|know the first exploit was written by hsj and it used the offsets
|for the Japanese version of IIS. Now in this new worm, has the
|code been modified with US (or other) offsets to attack English
|versions? I have already had a call regarding a possible "break in
|attempt." with very little other information. I would like to be
|able to tell them either they are vulnerable to this worm or not. Thank you,
|w1re
|
|This list is provided by the SecurityFocus ARIS analyzer service.
|For more information on this free incident handling, management
|and tracking system please see:
|
|http://aris.securityfocus.com
|
|


