Vulnerability Development mailing list archives

RE: Update to "Code Red" Worm. Its a date bomb, not time.

From: "Marc Maiffret" <marc () eeye com>
Date: Thu, 19 Jul 2001 22:10:43 -0000

It is hard coded to the IP address. :-/

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities

|-----Original Message-----
|From: matt sommer [mailto:mms () speakeasy org]
|Sent: Thursday, July 19, 2001 10:15 PM
|To: Marc Maiffret
|Cc: Vuln-Dev; SECURITY-BASICS
|Subject: Re: Update to "Code Red" Worm. Its a date bomb, not time.
|
|
|On Thu, 19 Jul 2001, Marc Maiffret wrote:
|
|> We made an error in our last analysis and said the worm would start
|> attacking whitehouse.gov based on a certain time. In reality its 
|based on a
|> date (the 20th UTC) which is tomorrow.
|>
|
|If the worm isnt hardwired to attack 198.137.240.91 and 198.137.240.92,
|its too bad the folks at www.whitehouse.gov probably arent willing to
|change their IN A records to 127.0.0.1 for a few days.
|
|-- 
|Matt Sommer [MMS26], CISSP
|
|
|
|

Current thread:

Re: A code red that could bring down the net?, (continued)
- - - Re: A code red that could bring down the net? Felix Harris (Jul 24)
    - Re: A code red that could bring down the net? David R. Conrad (Jul 25)
    - Re: A code red that could bring down the net? Lynn Crumbling (Jul 25)
    - Re: A code red that could bring down the net? Sven van ´t Veer (Jul 26)
    - Re: A code red that could bring down the net? security curmudgeon (Jul 26)
    - Re: A code red that could bring down the net? Ian Stoba (Jul 25)
    - Re: A code red that could bring down the net? Michael Tench (Jul 26)
    - Re: A code red that could bring down the net? Jose Nazario (Jul 26)
    - Re: A code red that could bring down the net? Meritt James (Jul 24)
- Re: Update to "Code Red" Worm. Its a date bomb, not time. matt sommer (Jul 19)
  - RE: Update to "Code Red" Worm. Its a date bomb, not time. Marc Maiffret (Jul 19)
  - Re: Update to "Code Red" Worm. Its a date bomb, not time. Blue Boar (Jul 19)
- RE: Update to "Code Red" Worm. Its a date bomb, not time. emerson . c . tan (Jul 19)
  - Re: Update to "Code Red" Worm. Its a date bomb, not time. Blue Boar (Jul 19)