Code Red II - Dead Thread

[Alfred Huger <ah () securityfocus com>]

Hey all,

Well we have suffered through yet another worm attack and the Internet
still seems to be humming along. Granted this worm was more aggressive and
better written than other win32 based worms we have seen, it is none the
less more or less a non-issue now. We will see it continue it's activity
for quite some time in the future, in fact if ARIS is any indication it
does not seem to be abating just yet. However, the conversation around it
is going to stop here.

If you have something new and previously not discussed here I will post it
through, otherwise though let's move on and wait for the next worm to come
our way. I suspect we will not have to wait too terribly long.

In terms of the ARIS notification program we set up, we are stopping it
now. We recieved logs for well over 200,000 infected hosts and notified as
such. However, at this point we seem to running into alot of overlap and
admins do not need us sending them mail if they have already recieved it.
To further complicate the situation about 50% of the hosts we notified
against for this version of the worm had already recieved a notification
for the last worm. Meaning they were infected, and two notifications later
are still infected. You can still notify if you are an ARIS Analyzer user,
but our mail in program to aris-report () securityfocus com is now done, for
now.

Thankyou *very much* for the thousands of people who sent in logs, your
help is deeply appreciated here. I wish I could name you all but this
message would be 200 pages long if I did. Your contributions are
appreciated.

Cheers,
-al

VP Engineering
SecurityFocus.com
"Vae Victis"


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com