Security Incidents mailing list archives
RE: CodeRedII - New non-variant codered worm - Analysis.
From: Josh Ballard <jballard () cloud cc ks us>
Date: 5 Aug 2001 22:42:58 -0000
Yes, they truly should have said that it was unlike the previous codered in the fact that it could only compromise 2k systems. CRv1 can compromise both, and CRv2 can only compromise 2k. Both systems fall for the exact same exploit, but the difference is in the payload. There is something in the payload that is incompatible with NT, and thus will just cause the IIS in NT to restart. I don't have the data in front of me, but I remember seing this and it made sense as to what it was at the time... That's just what I've seen and read anyway. Josh Ballard oofle.com Linux Firewall Center http://www.oofle.com/ jballard () cloud cc ks us ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- CodeRedII - New non-variant codered worm - Analysis. Marc Maiffret (Aug 05)
- RE: CodeRedII - New non-variant codered worm - Analysis. Michael Katz (Aug 05)
- RE: CodeRedII - New non-variant codered worm - Analysis. corecode (Aug 05)
- <Possible follow-ups>
- RE: CodeRedII - New non-variant codered worm - Analysis. Josh Ballard (Aug 05)
- RE: CodeRedII - New non-variant codered worm - Analysis. Michael Katz (Aug 05)