Code Red II (was Re: [plug] Barbarians at the gate...)
James Bromberger
james at rcpt.to
Sun Aug 5 13:17:51 WST 2001
On Sun, Aug 05, 2001 at 12:56:46PM +0800, Jason Belcher wrote:
> >On Sun, Aug 05, 2001 at 12:05:13PM +0800, James Bromberger wrote:
> >>I think it was said earlier; Code Red is a buffer overflow exploit that
> >>makes an HTTP request starting "/default.ida", and then has lots of
> >>"NNN"'s in it.
> >>
> >Here is a bit of trivia:
> >
> >I grepped the logs of one web service I manage and found 188
> >attempts have been made to infect it in the last couple weeks!
> >
> As of about an hour ago, 61 attempts today (logs rotated midnight
> sunday) on mine...
New variant:
http://grc.com/x/talk.exe?cmd=article&group=grc.security&item=21295&utag=
This one uses XXXX in the request. Supposedly more potent address generation
scheme. *sigh*
James
--
James Bromberger <james_AT_rcpt.to> www.rcpt.to/~james
Remainder moved to http://www.rcpt.to/~james/james/sig.html
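
An added example, not part of the original message: a per-day count of the probes described in this thread, split by filler character (N for the original worm, X for the new variant). The Common Log Format layout, the 32-character run threshold and every sample log line are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed threshold: a run this long is not an ordinary query string.
MIN_RUN = 32

# "/default.ida?" followed by a long run of a single filler character.
# The path is matched case-insensitively; the filler letter is not.
PROBE = re.compile(
    r'"[A-Z]+ (?i:/default\.ida)\?(N{%d,}|X{%d,})' % (MIN_RUN, MIN_RUN)
)
DATE = re.compile(r"\[(\d{2}/\w{3}/\d{4}):")
VARIANTS = {"N": "N-filler", "X": "X-filler"}


def count_probes(lines):
    """Return a Counter keyed by (day, variant) for matching request lines."""
    counts = Counter()
    for line in lines:
        probe = PROBE.search(line)
        if not probe:
            continue
        stamp = DATE.search(line)
        day = stamp.group(1) if stamp else "unknown"
        counts[(day, VARIANTS[probe.group(1)[0]])] += 1
    return counts


def _line(host, stamp, path):
    # Builds one constructed Common Log Format entry (assumed layout).
    return f'{host} - - [{stamp} +0800] "GET {path} HTTP/1.0" 404 205'


# Constructed sample data; hosts are documentation addresses and the
# filler length of 224 is arbitrary.
SAMPLE_LOG = [
    _line("192.0.2.10", "04/Aug/2001:03:11:09", "/default.ida?" + "N" * 224),
    _line("192.0.2.77", "04/Aug/2001:19:40:52", "/default.ida?" + "N" * 224),
    _line("198.51.100.4", "05/Aug/2001:00:02:31", "/default.ida?" + "N" * 224),
    _line("203.0.113.9", "05/Aug/2001:09:15:00", "/default.ida?" + "X" * 224),
    _line("203.0.113.9", "05/Aug/2001:09:15:44", "/DEFAULT.IDA?" + "X" * 224),
    _line("192.0.2.10", "05/Aug/2001:10:00:00", "/index.html"),
    _line("192.0.2.10", "05/Aug/2001:10:00:05", "/default.ida?NN"),  # too short
]

if __name__ == "__main__":
    for (day, variant), n in sorted(count_probes(SAMPLE_LOG).items()):
        print(f"{day}  {variant}: {n}")
```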