Re: Request for Information: study of patching a certain IIS-vulnerability

["Hugh Blandford" <hugh () island net au>]

> Date: Mon, 20 Oct 2003 13:56:56 +0300
> From: Mikael Riska <mikael.riska () hut fi>
> To: firewall-wizards () honor icsalabs com
> Subject: [fw-wiz] Request for Information: study of patching a certain
IIS-vulnerability
> I remember reading about someone doing a study on a how a certain
> IIS-patch was installed throughout the world. The study contained
> information about when server administrators installed a critical
> IIS-patch. (i.e. spikes immediately when the patch was released and
> another spike when a worm was developed). Unfortunately I can not
> remember which IIS-worm it was, and have not been succesful in finding
> the article from my own fw-wiz archives, so now I am hoping that some of
> you will recognize and remeber who wrote it, or where it was published.
>
>
>
> Mikael Riska
>
> Laboratory Engineer
>
> -- 
> Software Business and Engineering Institute tel. +358  9 451 6078
> P.O. Box 9600, FIN-02015 HUT, Finland fax  +358  9 451 4958
> Metsänneidonkuja 10, Espoo mob. +358 40 770 9900

Hi Mikael,

I can't tell you whether this is what you are looking for but the Code Red
worm springs to mind.  You can have a look at:

http://www.caida.org/analysis/security/code-red/

I just put

code red analysis

into Google and came up with quite a lot of info.

Regards,

Hugh Blandford

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards