[MLUG] CodeRedII - there's a variant now - READ THIS

Email address obfuscation in effect -- please click here to turn it off.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "MLUG Members (E-mail)" <EMAIL:PROTECTED>
Subject: [MLUG] CodeRedII - there's a variant now - READ THIS
From: "Deterding, Brent D" <EMAIL:PROTECTED>
Date: Tue, 7 Aug 2001 22:08:30 -0500
Reply-To: EMAIL:PROTECTED
Sender: EMAIL:PROTECTED
Thread-Index: AcEft9RdKWws4IuoEdWytAAQpKsOBA==
Thread-Topic: CodeRedII - there's a variant now - READ THIS

Hey all,
	We're in INFOCON ORANGE now


	Just FYI there's a CodeRedII variant that circumvents the patch.
It's nasty. Just like CRII except it trojans something else and I'm not
sure what. 

	There's no documentation for it yet, but trust me its there. It
hit Asia first but it IS in the US now. 

	You ever see what this thing can do to an Active Directory
server? AAAAAAHHHHHHH my brain hurts. 

	Major ISPs are hurting BAD right now, as are most big companies.


	watch www.incidents.org for more information.


	Anyone want to take bets on the next version?
		I'll bet we'll see selectable targets
		Followed by atttacking the root name servers
					   ^^^^^^^^^^^^^^^^^^^^^ <--
nasty!

-- Brent

PS - I don't mean to sound like a doomsday prophet; but I spent all day
watching several class A's crumble with this. 
--
To manage your subscription, go to http://mlug.missouri.edu/members/edit.php

Archives are available at http://mlug.missouri.edu/list-archives/

Follow-Ups:
- RE: [MLUG] CodeRedII - there's a variant now - READ THIS
  - From: "Sam Napier" <EMAIL:PROTECTED>

Prev by Date: RE: [MLUG] Bengal Question - remote mounting the drives
Next by Date: RE: [MLUG] CodeRedII - there's a variant now - READ THIS
Previous by thread: [MLUG] big brother...no kidding
Next by thread: RE: [MLUG] CodeRedII - there's a variant now - READ THIS
Index(es):
- Date
- Thread