The descriptions I've seen indicate that it has a flaw in
the attempt to pick random targets. It always uses the
same seed so every instance runs through the same addresses
in the same order. That means you will get hit by the same
box if it has been rebooted and then re-infected (and that it
is almost sure to be re-infected if the patch has not been applied).
Les Mikesell
[EMAIL PROTECTED]
----- Original Message -----
From: "Todd Finney" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, August 05, 2001 9:51 AM
Subject: Re: Module to catch (and warn about) Code Red
>
> I don't think this is an issue. Someone more familiar with the virus
> can chime in, but the information that's out there on it seems to
> indicate that it's not going to pick the same IP twice, except by
> chance.
