Security Incidents mailing list archives
Re: Re(2): new codered worm penetrates content-filtering
From: Ryan Russell <ryan () securityfocus com>
Date: Thu, 10 Jan 2002 13:43:23 -0700 (MST)
On Thu, 10 Jan 2002, Ken Eichman wrote:
4E 4E 4E 4E 4E 4E 4E 4E 4E 4E 4E 4E 4E E9 30 39 NNNNNNNNNNNNN.09 30 E6 38 35 38 EC 62 64 33 E7 38 30 31 E9 30 39 0.858.bd3.801.09
Note that something has done some decoding there. This should start out: NNNNN%u9090%u6858%ucbd3%u7801%u9090%...It's taking youre %uN and converting it to 0xEN. Any idea if that's on your end? Ryan ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re(2): new codered worm penetrates content-filtering Ken Eichman (Jan 10)
- Re: Re(2): new codered worm penetrates content-filtering Ryan Russell (Jan 10)