CodeRed Fix

Wilfred L. Guerin Wilfred at Cryogen.com
Fri Aug 3 15:03:26 PDT 2001


Greetings all...

I ask a simple and profoundly obvious question... 

With eeye and others releasing codeRed src almost a month ago, has anyone
bothered to modify the worm and bother distributing (by force) the file
checked by the current worm which will suppress its operation?

This is such an obvious fix, however no one seems to have yet had a clue to
do it?

Now that some of my boxes are being bothered with CRed noise, I'm prone to
creating a secondary replacement worm, mass distributing it, and using it
to squelch the bullshit of this one... 

If that many can be infected by using a pseudo-random sequence, this could
be easily traced or more effectively a far more effective sequencing
pattern for the dispersal could be utilized... 

Moreso, if no one is competent to have yet done this, can anyone provide an
EXTREMELY stable high-load capacity box which can accept reporting of
infected hosts? -- This would be highly useful in the target analysis of
the worm's progress... 

Granted, this is a distributed infiltration mechanism, however, I somehow
doubt the stateside feds and other morons would be contradicting of ceasing
a distributed attack, even if we do not bother to stop the wh.gov
targeting... 

It's wasting our resources, hassling all of us, etc.

So... two things:

A:	 Has anyone bothered to do this yet.

B:	 If I am personally gonna have to deal with this bs, can anyone offer a
logging-server target to send reports to?

I shall await reply to the CDR lists, or direct to "Wilfred at Cryogen.com" ...

-- I don't really want to waste the time fixing the code, though will if
this keeps up for long... 

Till the next annoyance (or the fix of this one),

-Wilfred L. Guerin
Wilfred at Cryogen.com


...





More information about the cypherpunks-legacy mailing list