Security Incidents mailing list archives

Re: Code Red gone to sleep?

From: cambria () owt com
Date: Thu, 04 Oct 2001 20:51:39 -0700

On 10/5/2001 at 1:29 AM hvdkooij () vanderkooij org wrote:

It seems CodeRed isn't dead yet. I just logged an access attempt to
default.ida from a Korean machine that seem to be infected with some
strand.

The server reported on port 80:

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sun, 10 Jun 2001 23:22:54 GMT   <---

[snip]

Note that this server's date is not set properly.  That is probably why it is still infected.  CodeRed II is set to 
disable itself October 1.

Best regards,

Greg





----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Current thread:

Code Red gone to sleep? Jay D. Dyson (Oct 02)
- Re: Code Red gone to sleep? Ryan Russell (Oct 02)
- Re: Code Red gone to sleep? Kath (Oct 02)
- Re: Code Red gone to sleep? cambria (Oct 02)
  - Re: Code Red gone to sleep? Andreas Östling (Oct 03)
- Re: Code Red gone to sleep? hvdkooij (Oct 04)
  - Re: Code Red gone to sleep? cambria (Oct 05)