Security Incidents mailing list archives

Re: Code Red gone to sleep?


From: "Kath" <kath () kathweb net>
Date: Tue, 2 Oct 2001 19:37:25 -0400

Nimda attacks are actually down according to my snort sensor.

- k

----- Original Message -----
From: "Jay D. Dyson" <jdyson () treachery net>
To: "Incidents List" <incidents () securityfocus com>
Sent: Tuesday, October 02, 2001 6:54 PM
Subject: Code Red gone to sleep?


-----BEGIN PGP SIGNED MESSAGE-----

Hi folks,

We were discussing on the Early Bird Developers list that none of
us have seen any Code Red scans since September 30th.  This can only mean
one of four things:

1. Code Red has "gone to sleep,"

2. Code Red committed ritual seppuku and rm'd every box it
previously infected,

3. Nimda has taken over all previously infected Code Red
systems[*],

4. All the automated intrusion attempt notices finally paid
off and affected sites have finally shut their infected
systems down.

While I'd like to believe that the silence is due to option #4,
experience leads me to believe that options #1 and #2 are most likely, and
option #3 is a close runner-up.

- - -Jay

* Nimda is still banging away like a nympho bunny on Spanish Fly.

  (    (                                                         _______
  ))   ))   .-"There's always time for a good cup of coffee."-.    ====<--.
 C|~~|C|~~| (>------ Jay D. Dyson - jdyson () treachery net ------<) |    = |-'
  `--' `--'  `--------------- rm -rf /bin/laden ---------------'  `------'



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com



