Bugtraq mailing list archives
RE: 'Code Red' does not seem to be scanning for IIS
From: Tony Langdon <tlangdon () atctraining com au>
Date: Fri, 20 Jul 2001 09:09:24 +1000
From what i read about the 'Code Red'-worm, it was supposed to be scanning for IIS-servers. It obviously is'nt, i believe it tries to infect everything they find on port 80, or something as simple as that.
I suspect you're right. I've noticed exploit attempts on all web servers here, but only one of them is running IIS. The IDS has been monitoring a rapid increase in IIS related attacks, which are presumably related to this worm. It started about 2-3 days ago, but the last 24 hours have been particularly intense. It's certainly not picky about what servers it will try and attack (though I can't see the exploits succeeding on the UNIX Apache servers ;) ).
About three to four days ago, i started to get those default.ida-GET's in my Apache-logs. I shut down the server as fast as i could, and checked for outgoing connections from my computer, and then did some research. I was told that it was an IIS-worm, and that it could'nt affect Apache-servers, so i was safe. I turned the server back on, and from that day i have received forty-one attempts.
I've had a lot more than 41. Every attempt is logged and archived here.
Current thread:
- 'Code Red' does not seem to be scanning for IIS Mike Brockman (Jul 19)
- RE: 'Code Red' does not seem to be scanning for IIS Marc Maiffret (Jul 19)
- RE: 'Code Red' does not seem to be scanning for IIS Emre Yildirim (Jul 19)
- Re: 'Code Red' does not seem to be scanning for IIS Ethan Butterfield (Jul 19)
- Re: 'Code Red' does not seem to be scanning for IIS daniel uriah clemens (Jul 19)
- Re: 'Code Red' does not seem to be scanning for IIS Ryan Russell (Jul 19)
- <Possible follow-ups>
- RE: 'Code Red' does not seem to be scanning for IIS Kelly Martin (Jul 19)
- Re(2): 'Code Red' does not seem to be scanning for IIS Ken Eichman (Jul 19)
- RE: 'Code Red' does not seem to be scanning for IIS Duncan Hill (Jul 19)
- Re: 'Code Red' does not seem to be scanning for IIS Stephen Cimarelli (Jul 19)
- RE: 'Code Red' does not seem to be scanning for IIS Tony Langdon (Jul 19)
- Re: 'Code Red' does not seem to be scanning for IIS George William Herbert (Jul 20)
- RE: 'Code Red' does not seem to be scanning for IIS Marc Maiffret (Jul 19)