Code Red seems to be back.
Michael H. Warfield
mhw at wittsend.com
Tue Sep 18 21:03:26 PDT 2001
On Tue, Sep 18, 2001 at 03:58:56PM -0700, John Young wrote:
> The worm hit Cryptome at 8:43 AM EST and is now sucking
> at a rate of about 90% of the load. As others have noted,
> the bulk of the hits appear to be coming from our own
> ISP, either by design or by spoofing the origin. Our server
> is on Apache but the worm generates endless errors
> attempting to find holes in IIS.
This is NOT Code Red but another assinine E-Mail worm that
also tries IIS and netbios propagation. Unfortunately, it is being
VERY successful at all of the above. More like "Code Red on Steriords".
Not just Grannie and her hotmail account with an MS Mail client but it's
even propagating to Samba shares and other SMB connections with "guest"
accounts.
> Pervasive DDoS attacks are reportedly underway at gov
> sites. We are not seeing an unusual number of that type.
Nothing targeted like that...
To paraphrase the movie "Labyrinth"... No... Just a worm...
Mike
--
Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com
(The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
More information about the cypherpunks-legacy
mailing list