>> > if you grep your http access log for "default.ida" (good sign
>> > of a code red attempt on an apache box)
>> >
>> > you'll see that code red has infected as many new machines in
>> > the last two days as it did on 20 July
>
>> I have had 47 in the last 24 hrs.
>
>Please use follow-up response.
>
>Anyone noting trends between 7/20 and 8/2? I've got 30 v. 49,
>respectively. Looks like this is actually the bigger attack.
>
Actually, I ran http-analyze over a file I grepped out of the log. The bug only ran for a few hours in "propagate mode" on the 20th before switching to "attack mode", and went back to propagate 2 days ago (and because propagate is less damaging, everyone thought it was gone). And yes, a quick look at the graph will tell you it's building into something much bigger than before.
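
The per-day comparison discussed in this thread, as an added example that is not part of any poster's message: it counts "default.ida" requests and distinct source hosts per day from an Apache access log, matching only the request line so a Referer that mentions the string is not counted. The log lines, addresses and query string are constructed samples, and the function name is hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache common/combined log prefix: host ident user [time] "request" ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)"')

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = '''\
192.0.2.10 - - [20/Jul/2001:14:02:11 -0400] "GET /default.ida?XXXX HTTP/1.0" 404 205
192.0.2.11 - - [20/Jul/2001:14:05:40 -0400] "GET /default.ida?XXXX HTTP/1.0" 404 205
192.0.2.10 - - [20/Jul/2001:14:09:03 -0400] "GET /default.ida?XXXX HTTP/1.0" 404 205
198.51.100.5 - - [20/Jul/2001:15:00:00 -0400] "GET /index.html HTTP/1.0" 200 1024 "http://example.test/default.ida" "-"
this line is not in access-log format
203.0.113.7 - - [01/Aug/2001:09:12:00 -0400] "GET /default.ida?XXXX HTTP/1.0" 404 205
203.0.113.8 - - [01/Aug/2001:09:30:17 -0400] "GET /DEFAULT.IDA?XXXX HTTP/1.0" 404 205
192.0.2.10 - - [01/Aug/2001:10:01:55 -0400] "GET /default.ida?XXXX HTTP/1.0" 404 205
203.0.113.9 - - [01/Aug/2001:11:44:29 -0400] "GET /default.ida?XXXX HTTP/1.0" 404 205
'''

def probes_per_day(lines, needle="default.ida"):
    """Return {ISO date: {"hits": n, "hosts": m}} for requests containing needle."""
    hits = defaultdict(int)
    hosts = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in access-log format
        host, stamp, request = m.groups()
        # Check the request line only, case-insensitively, not the whole log line.
        if needle not in request.lower():
            continue
        try:
            day = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").date().isoformat()
        except ValueError:
            continue  # unparseable timestamp
        hits[day] += 1
        hosts[day].add(host)
    # Distinct hosts approximates the number of scanning machines seen that day.
    return {d: {"hits": hits[d], "hosts": len(hosts[d])} for d in sorted(hits)}

if __name__ == "__main__":
    for day, c in probes_per_day(SAMPLE_LOG.splitlines()).items():
        print(day, c["hits"], "requests from", c["hosts"], "hosts")
```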