Security Incidents mailing list archives

The Return of Code Red II?

From: "Stan Burditzman" <slidefx2 () hotmail com>
Date: Tue, 11 Mar 2003 11:24:09 -0600

Is anyone else seeing traffic generated by Code Red II. I thought it wasn'tsupposed to propagate after 10/01? Unfortunately I don't have the wholestring but here is the RealSecure Event.


Event Name:     HTTP_Code_Red_II
Date/Time:      2003/03/11 09:32:11
Source Addr:    211.148.215.243
Destination Addr:       161.xxx.xxx.xxx
Protocol Id:    TCP(6)
URL:    /default.ida
arg:    
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%


_________________________________________________________________

Tired of spam? Get advanced junk mail protection with MSN 8.http://join.msn.com/?page=features/junkmail



----------------------------------------------------------------------------

<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure";> http://www.securityfocus.com/stillsecure </A>

Current thread:

The Return of Code Red II? Stan Burditzman (Mar 11)
- Re: The Return of Code Red II? Jay D. Dyson (Mar 11)
- SV: The Return of Code Red II? Peter Kruse (Mar 11)
- Re: The Return of Code Red II? Christine Kronberg (Mar 12)
- <Possible follow-ups>
- Re: The Return of Code Red II? David C. Lewis (Mar 11)
- Re: The Return of Code Red II? Kevin Patz (Mar 11)
- Re: The Return of Code Red II? Roger Thompson (Mar 11)