Security Incidents mailing list archives
Re: [unisog] Code Red(s) being confused with sadmind/IIS worm?
From: Paul L Schmehl <pauls () utdallas edu>
Date: Thu, 09 Aug 2001 18:25:08 -0500
--On Thursday, August 09, 2001 5:09 PM -0400 "Stephen W. Thompson" <thompson () pobox upenn edu> wrote:
The "signature" of Poisonworm is pretty obvious, and if we were seeing it, our IDS would be alerting on it. I haven't seen much of it for a while. It seems to have died off a short while after Code Red A became active.If I'm correct, that implies a) sadmind/IIS is more prevalent than we'd realized and, possibly b) that there might be a variant of sadmind/IIS that succeeds on non-Solaris machines unlike the original variant. Any corroboration on (b) from anyone?
En paz, Steve, (tired) security analyst
Yeah, no kidding. Paul L. Schmehl, pauls () utdallas edu http://www.utdallas.edu/~pauls/ Supervisor, Support Services The University of Texas at Dallas AVIEN Founding Member ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Code Red(s) being confused with sadmind/IIS worm? Stephen W. Thompson (Aug 09)
- Re: [unisog] Code Red(s) being confused with sadmind/IIS worm? Anderson Johnston (Aug 10)
- Re: Code Red(s) being confused with sadmind/IIS worm? ghandi (Aug 10)
- Re: [unisog] Code Red(s) being confused with sadmind/IIS worm? Paul L Schmehl (Aug 10)
- Re: Code Red(s) being confused with sadmind/IIS worm? H C (Aug 10)