Snort mailing list archives
Re: local codered infection
From: Ryan Russell <ryan () securityfocus com>
Date: Wed, 6 Feb 2002 13:30:38 -0700 (MST)
On Wed, 6 Feb 2002, Phil Wood wrote:
CodeRed.b is the only active one out there at the moment. It doesn't contain the string "cmd.exe". That was Codered II (CodeRed.c and CodeRed.d).For what it's worth, I saw 113,281 WEB-IIS cmd.exe accesses yesterday.
I should have said "the only active Code Red out there at the moment." Yours would be Nimda, and possibly a few Sadmind and manual attempts. The original poster was only asking about Code Red, but Nimda is certainly worth mentioning in this context. Sorry for the omission. Ryan _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- local codered infection bthaler (Feb 06)
- Re: local codered infection Ryan Russell (Feb 06)
- Re: local codered infection bthaler (Feb 06)
- Re: local codered infection Phil Wood (Feb 06)
- Re: local codered infection Ryan Russell (Feb 06)
- Re: local codered infection bthaler (Feb 06)
- Re: local codered infection Ryan Russell (Feb 06)
- <Possible follow-ups>
- RE: local codered infection Chip Kelly (Feb 06)