Snort mailing list archives
Re: Code Green???
From: Ian Cudlip <ian () insight-media co uk>
Date: Tue, 18 Sep 2001 19:55:47 +0100
This seems normal...

Update - NAI have released version 2 of their extra.dat which seems to detect things now.... You can use this for scanning exes. AVP works too.

There's no point to scan for readme.exe, that is the virus itself - cmd.exe, root.exe etc. are scanned to attempt to infect the machines..

Has anyone gone through the binary with an editor yet to get out all these registry changes it might make? (quickly gone through myself)..

Ian.

On Tuesday 18 September 2001 7:47 pm, Tim Parker wrote:

I'm seeing entries in our IIS logs for the requests (cmd.exe, root.exe, etc) but no emails or downloads of the readme.exe file from our servers....does that sound normal? As far as I can see I have us patched for the sec. rollup and the previous unicode......

-----Original Message-----
From: Ian Cudlip [mailto:ian () insight-media co uk]
Sent: Tuesday, September 18, 2001 1:56 PM
To: Steve Halligan; 'richard'; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Code Green???

I've had it infect machines patched for code red, but not patched with the ms sec. roll-up.

Ian.

On Tuesday 18 September 2001 5:34 pm, Steve Halligan wrote:

This infected our previously patched for code red, winnt and win2k systems.. One of them I even fixed yesterday and put Microsoft's CodeRedCleanup tool on it. It is placing the root.exe file on the hard drive.

Can anyone verify that this is infecting IIS server patched to current levels?

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
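Added example, not part of the original thread: a small triage script for the situation described above, where an IIS log shows requests for cmd.exe and root.exe but no downloads of readme.exe. It assumes IIS W3C extended logging with the standard field names; the sample log lines, paths and addresses are constructed, and treating a 2xx status as "the server answered the request" is this example's assumption.

```python
from collections import defaultdict

# Filenames named in the thread: probe targets vs. the worm binary itself.
PROBE_NAMES = ("cmd.exe", "root.exe")
WORM_NAME = "readme.exe"

# Constructed sample in IIS W3C extended format (documentation-range addresses).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2001-09-18 17:02:11 192.0.2.10 GET /scripts/root.exe 404
2001-09-18 17:02:12 192.0.2.10 GET /scripts/cmd.exe 404
2001-09-18 17:05:40 198.51.100.7 GET /scripts/root.exe 200
2001-09-18 17:09:03 203.0.113.5 GET /default.htm 200
2001-09-18 17:11:27 203.0.113.5 GET /readme.exe 200
"""


def triage(log_text):
    """Per client: probes seen, probes the server answered, readme.exe copies served."""
    fields = []
    report = defaultdict(lambda: {"probes": 0, "probe_hits": 0, "worm_served": 0})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # skip truncated or malformed rows
        row = dict(zip(fields, parts))
        # Compare only the final path component, case-insensitively.
        stem = row.get("cs-uri-stem", "").lower().replace("\\", "/")
        leaf = stem.rsplit("/", 1)[-1]
        answered = row.get("sc-status", "").startswith("2")
        client = row.get("c-ip", "?")
        if leaf in PROBE_NAMES:
            report[client]["probes"] += 1
            report[client]["probe_hits"] += int(answered)
        elif leaf == WORM_NAME and answered:
            report[client]["worm_served"] += 1
    return dict(report)


if __name__ == "__main__":
    for ip, counts in sorted(triage(SAMPLE_LOG).items()):
        print(ip, counts)
```

Clients with only failed probes match what Tim Parker describes; a non-zero `probe_hits` or `worm_served` marks a server that needs a closer look.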