Security Incidents mailing list archives

RE: FW: Wierd .ida request? What is it?


From: red0x <red0x () users sourceforge net>
Date: Mon, 03 Sep 2001 18:23:26 -0700

That's the weird thing, I don't have code red, it's Linux and Apache..  so
wtf?

-----Original Message-----
From: bryan () nerdvest com [mailto:bryan () nerdvest com]On Behalf Of Bryan
Andersen
Sent: Monday, September 03, 2001 3:33 PM
To: red0x
Subject: Re: FW: Wierd .ida request? What is it?

red0x wrote:

Anyone know what this is? A new anti code red?

It exploits the hole left by CodeRedII to put a message on the
desktop of the infected system.  If you are seeing this, look at
the system that it's being sent to.  That system is very likely
infected with CodeRed and is actively scanning.  There have been
a number of similar responses.  Some are relatively benign, others
go as far as shutting down the infected system.

--
|  Bryan Andersen   |   bryan () visi com   |   http://www.nerdvest.com   |
| Buzzwords are like annoying little flies that deserve to be swatted. |
|   -Bryan Andersen                                                    |


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

