Vulnerability Development mailing list archives
Re: Update to "Code Red" Worm. Its a date bomb, not time.
From: Blue Boar <BlueBoar () thievco com>
Date: Thu, 19 Jul 2001 15:38:07 -0700
It's hardcoded to 198.137.240.91 (www1.whitehouse.gov): seg000:000008EB C7 85 80 FE FF FF+ mov dword ptr [ebp-180h], 5BF089C6h ; set ip (www.whitehouse.gov) (From Marc's disassembly). BB matt sommer wrote:
On Thu, 19 Jul 2001, Marc Maiffret wrote:We made an error in our last analysis and said the worm would start attacking whitehouse.gov based on a certain time. In reality its based on a date (the 20th UTC) which is tomorrow.If the worm isnt hardwired to attack 198.137.240.91 and 198.137.240.92, its too bad the folks at www.whitehouse.gov probably arent willing to change their IN A records to 127.0.0.1 for a few days. -- Matt Sommer [MMS26], CISSP
Current thread:
- Re: A code red that could bring down the net?, (continued)
- Re: A code red that could bring down the net? David R. Conrad (Jul 25)
- Re: A code red that could bring down the net? Lynn Crumbling (Jul 25)
- Re: A code red that could bring down the net? Sven van ´t Veer (Jul 26)
- Re: A code red that could bring down the net? security curmudgeon (Jul 26)
- Re: A code red that could bring down the net? Ian Stoba (Jul 25)
- Re: A code red that could bring down the net? Michael Tench (Jul 26)
- Re: A code red that could bring down the net? Jose Nazario (Jul 26)
- Re: A code red that could bring down the net? Meritt James (Jul 24)
- RE: Update to "Code Red" Worm. Its a date bomb, not time. Marc Maiffret (Jul 19)
- Re: Update to "Code Red" Worm. Its a date bomb, not time. Blue Boar (Jul 19)
- Re: Update to "Code Red" Worm. Its a date bomb, not time. Blue Boar (Jul 19)