Security Incidents mailing list archives

Re: What the *** is this

From: Justin Shore <macdaddy () neo pittstate edu>
Date: Fri, 10 Aug 2001 15:15:29 -0500

On 8/10/01 1:02 PM Steve Halligan said...

Check this out.  Is this media nonsense, or is there really something to it?

http://news.cnet.com/news/0-1003-200-6835996.html


Until that can be confirmed by actual hard fact (read: code), I'd not 
plan on an all-nighter with your firewall.  The other "CodeRed III" 
reports so far have sounded more like media misinterpretation of certain 
anti-virus makers reporting on CodeRed II, where they called it 
"CodeRed.v3" or "CodeRed III".  It's quite possible that there is another 
variant but it hasn't been proven yet.  It's also distinctly possible 
that the kiddies are taking advantage of the hype created by CodeRed to 
send their own destructive payloads (maybe forece the IIS machine to 
download and install NetBus or BO).  Maybe this isn't CodeRed but 
something else instead that uses root.exe to format the machine's drive.  
Take your pick of the litter but wait for proof before changing your 
weekend plans.

Justin



--
Justin Shore, ES-SS ES-SSR      Pittsburg State University
Network & Systems Manager       Kelce 157Q
Office of Information Systems   Pittsburg, KS 66762
Voice: (620) 235-4606           Fax: (620) 235-4545
http://www.pittstate.edu/ois/

Warning:  This message has been quadruple Rot13'ed for your protection.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

What the *** is this Steve Halligan (Aug 10)
- Re: What the *** is this Ryan Russell (Aug 10)
- Re: What the *** is this Nick FitzGerald (Aug 10)
- Re: What the *** is this dmuz (Aug 10)
- <Possible follow-ups>
- Re: What the *** is this Justin Shore (Aug 12)