Information Security News mailing list archives

Re: Did FBI Ignore Code Red Warning?


From: InfoSec News <isn () c4i org>
Date: Fri, 7 Sep 2001 02:01:08 -0500 (CDT)

Forwarded from: "Jay D. Dyson" <jdyson () treachery net>

-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 6 Sep 2001, InfoSec News wrote:

> > Kim Zetter, PCWorld.com
> > Tuesday, September 04, 2001
> >
> > The Code Red threat seems to have finally halted its malicious crawl,
>
> Not according to the logs and email reports I'm seeing!  The media
> *feeding frenzy* over Code Red may have finally halted its malicious
> crawl, but scanning from infected hosts hasn't.

        I would have to concur with Mr. Dittrich.  Code Red scans are
running at a slightly elevated pitch even now, six plus weeks following
its debut.

        Even on my picayune systems, I'm seeing an average of one Code Red
scan every eight minutes.  The scanning sites range from obviously client
systems to servers based in North and South America, Europe and Asia.  All
top-level domains appear to be represented: .COM, .ORG, .MIL, .EDU, .GOV,
.NET, and even .INT (!).

        As an aside, I received an email from a new user of Early Bird and
they reported 2,400 unique IP addresses attempting to infect their systems
with Code Red in the past 24 hours.  If there is any slowdown, it's likely
more akin to a traffic jam than a genuine cessation of Code Red scans.

- -Jay

  (    (                                                          _______
  ))   ))   .--"There's always time for a good cup of coffee"--.   >====<--.
C|~~|C|~~| (>------ Jay D. Dyson -- jdyson () treachery net ------<) |    = |-'
 `--' `--'  `--- Failure is never as devastating as regret. ---'  `------'

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iQCVAwUBO5eNf7lDRyqRQ2a9AQGAwQP9Fzav++yxyO4hMUS8pmSHEK3Ja8RLbFKr
thshSoVZbYblw/uz2soCJNA7+DKhu0B/iYzNZoev7yvzPZv8NV3jKhYuN3jgUslp
wxm4i8Wlvc2OBpSCI1pi+Jx3xbfJs2Je9chYdDddHMVZDrQjx/BiQ2+Klo+mLqUm
6jPP6tDHE0Y=
=j775
-----END PGP SIGNATURE-----



-
ISN is currently hosted by Attrition.org
