For 2 or 3 years after the initial release of the Code Red (well, CRv2) worm, the web servers that I maintained would get a series of hits every month. Beginning on about the 10th of the month, I'd see the first hit, and by the 18th or 19th of the month, I'd see 10 or so a day. This went on for (as I recall) better than 2 years.
Suddenly, I stopped seeing CRv2 hits. Does anybody know what happened? I have to reject the "IIS 5.0 got phased out" argument, as I would have seen a gradual decrease. I saw a sudden disappearance. Did somebody fix up and release Markus Kern's "Code Green" counter-worm? I never saw any of Herbert Hexxer's active anti-worm scans, so I doubt that was the cause. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
