RE: [MLUG] CodeRedII - there's a variant now - READ THIS

["Ross, Matt" <EMAIL:PROTECTED>]

This makes "Code Redneck" worthless.  

"To aid performance, the worm uses a nonblocking socket to connect
to each target. Specifically this means that if one thread is
stuck waiting for a slow connection to a particular target,
the wait will not slow down the rest of the threads from continuing
their scanning function."

-----Original Message-----
From: Deterding, Brent D [mailto:EMAIL:PROTECTED]
Sent: Tuesday, August 07, 2001 10:09 PM
To: MLUG Members (E-mail)
Subject: [MLUG] CodeRedII - there's a variant now - READ THIS


Hey all,
	We're in INFOCON ORANGE now


	Just FYI there's a CodeRedII variant that circumvents the patch.
It's nasty. Just like CRII except it trojans something else and I'm not
sure what. 

	There's no documentation for it yet, but trust me its there. It
hit Asia first but it IS in the US now. 

	You ever see what this thing can do to an Active Directory
server? AAAAAAHHHHHHH my brain hurts. 

	Major ISPs are hurting BAD right now, as are most big companies.


	watch www.incidents.org for more information.


	Anyone want to take bets on the next version?
		I'll bet we'll see selectable targets
		Followed by atttacking the root name servers
					   ^^^^^^^^^^^^^^^^^^^^^ <--
nasty!

-- Brent

PS - I don't mean to sound like a doomsday prophet; but I spent all day
watching several class A's crumble with this. 
--
To manage your subscription, go to http://mlug.missouri.edu/members/edit.php

Archives are available at http://mlug.missouri.edu/list-archives/
--
To manage your subscription, go to http://mlug.missouri.edu/members/edit.php

Archives are available at http://mlug.missouri.edu/list-archives/