nanog mailing list archives
CodeRedII worm..
From: Valdis.Kletnieks () vt edu
Date: Sun, 05 Aug 2001 04:28:27 -0400
Given that initial analysis of the CodeRedII worm indicates that it leaves a backdoor laying around, I hereby request that those people who made lists of infected hosts available last time *NOT* do so again. Although said lists *were* helpful in the analysis and study of the worm's tactics, the benefits are certainly outweighted by the fact that the new worm creates a known backdoor. I'm certain that both the CodeRedII author and other black hats would love for us to compile a list of afflicted hosts for them to use. So please everybody - if you're sending IP's in to be added to a table, make sure you're sending them to a white hat, not to a black hat who's managed to social-engineer you. If you're a white had compiling a list, make sure the guy's hat is at least a light grey before you give them a copy. ;) Valdis Kletnieks Operating Systems Analyst Virginia Tech
Current thread:
- CodeRedII worm.. Valdis . Kletnieks (Aug 05)
- Re: CodeRedII worm.. mike harrison (Aug 05)
- <Possible follow-ups>
- Re: CodeRedII worm.. Larry Sheldon (Aug 05)
- Re: CodeRedII worm.. Daniel Senie (Aug 05)
- Does Code Red infect Windows NT? Jeff Ogden (Aug 06)
- Re: Does Code Red infect Windows NT? John M Pedro (Aug 06)
- Re: CodeRedII worm.. Daniel Senie (Aug 05)