Vulnerability Development mailing list archives
Re: A code red that could bring down the net?
From: security curmudgeon <jericho () attrition org>
Date: Thu, 26 Jul 2001 12:15:32 -0600 (MDT)
Although I agree on the funny part, I would suppose that M$ has patched up it´s own servers ..
Or not. http://www.attrition.org/security/commentary/ms16.html Earlier today, two Microsoft Web sites fell victim to a new worm making the rounds nicknamed the '.ida "Code Red" worm' because part of the worm is designed to deface Web pages with the text "Hacked by Chinese" and also because Code Red Mountain Dew was apparently the only thing that kept employees from eEye Digital Security awake all last night to be able to disassemble the worm in detail. The worm propagates itself via Microsoft IIS Web servers through the .ida buffer overflow attack published a few weeks ago. The worm then sets itself up on the infected system and creates 99 other "threads" or instances of the virus to spread the worm to other Web servers. Full details of the worm can be found here: http://www.eeye.com/html/Research/Advisories/AL20010717.html The sites hit included the Windows Update Server (www.windowsupdate.microsoft.com). According to the regular page: Windows Update is the online extension of Windows that helps you get the most out of your computer. [snip..]
Current thread:
- Re: multi-OS infections (Multi OS shellcode), (continued)
- Re: multi-OS infections (Multi OS shellcode) Riley Hassell (Jul 24)
- Re: multi-OS infections (Multi OS shellcode) Damir Rajnovic (Jul 25)
- Re: multi-OS infections (Multi OS shellcode) corecode (Jul 25)
- RE: A code red that could bring down the net? Dom De Vitto (Jul 23)
- Re: A code red that could bring down the net? Birger Toedtmann (Jul 23)
- Re: A code red that could bring down the net? Michael Tench (Jul 23)
- Re: A code red that could bring down the net? Felix Harris (Jul 24)
- Re: A code red that could bring down the net? David R. Conrad (Jul 25)
- Re: A code red that could bring down the net? Lynn Crumbling (Jul 25)
- Re: A code red that could bring down the net? Sven van ´t Veer (Jul 26)
- Re: A code red that could bring down the net? security curmudgeon (Jul 26)
- Re: A code red that could bring down the net? Ian Stoba (Jul 25)
- Re: A code red that could bring down the net? Michael Tench (Jul 26)
- Re: A code red that could bring down the net? Jose Nazario (Jul 26)
- Re: A code red that could bring down the net? Meritt James (Jul 24)
- RE: Update to "Code Red" Worm. Its a date bomb, not time. Marc Maiffret (Jul 19)
- Re: Update to "Code Red" Worm. Its a date bomb, not time. Blue Boar (Jul 19)
- Re: Update to "Code Red" Worm. Its a date bomb, not time. Blue Boar (Jul 19)