Security Incidents mailing list archives

Re: A new Code Red variant


From: Scott Wunsch <bugtraq () tracking wunsch org>
Date: Wed, 1 Aug 2001 13:15:35 -0600

On Wed, 01-Aug-2001 at 20:03:05 +0200, Andrew Cardwell wrote:

> Interestingly when I view this page my virus checker (Norton) says that the
> backdoor sadmind.dr is included in the temporary files downloaded when I
> viewed the webpage (IE).
>
> Scott - you may want to check your mirror.

It's plain old HTML.  It sounds like several anti-virus packages out there
have included a signature for the *HTML defacement page* produced by the
sadmind worm.  It's interesting behaviour on the part of the anti-virus
companies, but the page itself should be harmless.


On Wed, 01-Aug-2001 at 20:07:38 +0200, Andrew Cardwell wrote:

> Some further information... do you have a Solaris box at
> http://www.wunsch.org/?

Nope.

-- 
Take care,
Scott \\'unsch

... What a nice night for an evening!
