Vulnerability Development mailing list archives

Re: CR II - winME? confirmation? (Slightly OT)


From: HackHawk <hugh () hackhawk net>
Date: Wed, 08 Aug 2001 12:33:24 -0700

At 02:48 PM 8/8/01 +1200, Jason Haar wrote:
On Tue, Aug 07, 2001 at 04:55:50PM -0700, Amer Karim wrote:
> strangely.  Found out he was running W2K Pro w/ IIS installed (had a site
> running w/ pics of his family), and when I asked him if he’d patched it for
> the original CR he just gave a blank look - followed by “I thought that was
> only for servers.” …I just about put my head through the wall. All my F/W’s

I'm connected to an Earthlink DSL line. Port 80 is getting hit about once every 30 to 90 seconds from a Code Red infected machine.

As a test, I connected to some of these systems with the UNICODE file execution string posted back in October/November of 2000. Out of 5 systems tested, (100%) 5 systems had not even patched that bug from last year!!!! People in general are just clueless about what's going on.

It is a script kiddie heaven on Earthlink DSL lines!

- hh

:-)

Last week on our national radio station here in New Zealand, a rep from
Sophos said that all companies should be ensuring they have installed the
patch before the next wave of CodeRed went out. He then went on to
*explicitly* state that home users didn't have to worry about it as it only
affected commercial sites! :-/

--
Cheers

Jason Haar

Unix/Special Projects, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417