On Sun, Aug 05, 2001 at 07:02:35PM -0600, John Galt wrote:
> [...]
> CodeRed2. Nastier: it also copies cmd.exe to root.exe, and installs a
> pseudo-r00tkit. If the IIS admins didn't learn the first time, they got
> screwed hardcore the second. Not even a reacharound this time.

I get hit every 2 minutes. And apparently lots of computers are now
advertising that they can be remotely controlled. Wouldn't it be nice if
there were some 'hack' to send to such a server so that it gets fixed?
I've got a list of hundreds of IPs of IIS servers almost begging for an
antidote!

My stats for today (20 hours): 601 CodeRed2's, 8 CodeRed1's. With my
cable modem it looks like my whole country is infected. Although it's only
268 unique IPs. CodeRed2 attempts to spread a lot more than 1.

Well, better start ignoring the output.

Greetings,
Chris Niekel

-- 
Geek code version 3.1:
GCS d- s++: a- C++$ ULSI++ P+(---) L+++>++++ E--- W++ N++ o K? w--- O M- V?>--
PS+ PE-() Y PGP+ t+>+++ 5? X- !R tv+ b DI++ D+ G>++ e+++ h--- r+++ y++++