RE: [MLUG] CodeRedII - there's a variant now - READ THIS

Email address obfuscation in effect -- please click here to turn it off.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: <EMAIL:PROTECTED>
Subject: RE: [MLUG] CodeRedII - there's a variant now - READ THIS
From: "Deterding, Brent D" <EMAIL:PROTECTED>
Date: Wed, 8 Aug 2001 10:04:51 -0500
Reply-To: EMAIL:PROTECTED
Sender: EMAIL:PROTECTED
Thread-Index: AcEgDRdBQEBBglzHQeSpic9FLG3k4wADsDiA
Thread-Topic: [MLUG] CodeRedII - there's a variant now - READ THIS

Nah - CodeRedNeck still works just fine. The variant makes the patch
worthless. IF you have the variant.

-----Original Message-----
From: Ross, Matt [mailto:EMAIL:PROTECTED]
Sent: Wednesday, August 08, 2001 8:17 AM
To: EMAIL:PROTECTED
Subject: RE: [MLUG] CodeRedII - there's a variant now - READ THIS


This makes "Code Redneck" worthless.  

"To aid performance, the worm uses a nonblocking socket to connect
to each target. Specifically this means that if one thread is
stuck waiting for a slow connection to a particular target,
the wait will not slow down the rest of the threads from continuing
their scanning function."

-----Original Message-----
From: Deterding, Brent D [mailto:EMAIL:PROTECTED]
Sent: Tuesday, August 07, 2001 10:09 PM
To: MLUG Members (E-mail)
Subject: [MLUG] CodeRedII - there's a variant now - READ THIS


Hey all,
	We're in INFOCON ORANGE now


	Just FYI there's a CodeRedII variant that circumvents the patch.
It's nasty. Just like CRII except it trojans something else and I'm not
sure what. 

	There's no documentation for it yet, but trust me its there. It
hit Asia first but it IS in the US now. 

	You ever see what this thing can do to an Active Directory
server? AAAAAAHHHHHHH my brain hurts. 

	Major ISPs are hurting BAD right now, as are most big companies.


	watch www.incidents.org for more information.


	Anyone want to take bets on the next version?
		I'll bet we'll see selectable targets
		Followed by atttacking the root name servers
					   ^^^^^^^^^^^^^^^^^^^^^ <--
nasty!

-- Brent

PS - I don't mean to sound like a doomsday prophet; but I spent all day
watching several class A's crumble with this. 
--
To manage your subscription, go to
http://mlug.missouri.edu/members/edit.php

Archives are available at http://mlug.missouri.edu/list-archives/
--
To manage your subscription, go to
http://mlug.missouri.edu/members/edit.php

Archives are available at http://mlug.missouri.edu/list-archives/
--
To manage your subscription, go to http://mlug.missouri.edu/members/edit.php

Archives are available at http://mlug.missouri.edu/list-archives/

Prev by Date: RE: [MLUG] CodeRedII - there's a variant now - (Aka, delete Win2000)
Next by Date: [MLUG] Root Login - rdate sync....
Previous by thread: RE: [MLUG] CodeRedII - there's a variant now - READ THIS
Next by thread: RE: [MLUG] CodeRedII - there's a variant now - READ THIS
Index(es):
- Date
- Thread