Security Incidents mailing list archives

Re: Re(2): new codered worm penetrates content-filtering

From: Ryan Russell <ryan () securityfocus com>
Date: Thu, 10 Jan 2002 13:43:23 -0700 (MST)

On Thu, 10 Jan 2002, Ken Eichman wrote:

4E 4E 4E 4E 4E 4E 4E 4E 4E 4E 4E 4E 4E E9 30 39  NNNNNNNNNNNNN.09
30 E6 38 35 38 EC 62 64 33 E7 38 30 31 E9 30 39  0.858.bd3.801.09


Note that something has done some decoding there.  This should start out:
NNNNN%u9090%u6858%ucbd3%u7801%u9090%...It's taking youre %uN and
converting it to 0xEN.  Any idea if that's on your end?

                                        Ryan




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Re(2): new codered worm penetrates content-filtering Ken Eichman (Jan 10)
- Re: Re(2): new codered worm penetrates content-filtering Ryan Russell (Jan 10)