Re: Revised CodeRed.pm - Wish List

2001-08-06 Thread Reuven M. Lerner
> Daniel Aldham writes: Daniel> Could the code be added to add a GET /scripts.root.exe Daniel> and then generate a pop-up screen on the infected host Daniel> warning the owner/administrator. And then maybe shut down IIS Daniel> & CodeRed? Yes, I'm sure that we *could* add code to C

Re: Revised CodeRed.pm - Wish List

2001-08-06 Thread Daniel Aldham
It looks like the latest CodeRed III compromises a server by putting a backdoor in place, such that a GET /scripts/root.exe will give anyone a shell on the infected machine. Could the code be added to add a GET /scripts.root.exe and then generate a pop-up screen on the infected host warning th

Revised CodeRed.pm

2001-08-06 Thread Reuven M. Lerner
I've modified CodeRed.pm again, such that it now (a) writes better log messages and (b) sends an automatic message to the SecurityFocus team, in the format that they specified. Rather than blast the source code across this mailing list repeatedly, I've put it up at

Revised CodeRed.pm

2001-08-05 Thread Reuven M. Lerner
OK, folks; I've added (thanks in part to Randal's private suggestion) Cache::FileCache, which made it pretty trivial to ensure that we only send a single message per 24-hour period. I also added e-mail to administrator@ the infected host, since I've been getting a fair number of bounces from webm