
[cobalt-users] Code-Red Worm Synopsis



Alright guys, here's the scoop.

Code-Red is a vicious worm that affects English-only Windows servers.
Indirectly it will attempt to find a default.ida vulnerability on anything
it can attempt to approximately 250 times or so. In other words, the
indirect attacks can cause a DDoS.

It is not time based, it's date based. Infections began as early as July 1st
and stop(ped) today, July 19th. Tomorrow (July 20th) they will begin to
attack http://www.whitehouse.gov . All infected sites will have a Chinese
banner and design with the words "welcome to http://www.worm.com - Hacked by
Chinese".

This will probably happen again next year if you DO NOT PATCH UP THE
COMPUTER WIN USERS!

Steve Gibson's right =\

-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Paul
Sent: Thursday, July 19, 2001 7:29 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] The Code-Red Worm is attacking... GOD it's
attacking.


>People. Pay close attention to this. I got 280 machines connecting to my
>box in one hour. This doesn't seem to stop, nor do I think it ever will.

I have several of these entries in my access log:

"GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0" 302 578 "-" "-"

(sorry if this doesn't wrap or comes out horrible)
I've had 80 of these entries so far.
Are these log entries related to the Code-Red Worm? Shimi, can you post some
links to more information about this worm? I haven't found anything doing
searches.
Thanks,
Paul
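
Added example, not part of the original thread: a small log scan that counts requests shaped like the entry Paul quotes (default.ida, a long run of one filler character, then %uXXXX words) and groups them by source. The Apache common/combined log format, the regex thresholds, and the sample lines with documentation-range addresses are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Apache common/combined log format (assumed): host ident user [time] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Heuristic signature (an assumption, not an official one): default.ida requested with
# 100+ repeats of one filler character followed by four or more %uXXXX words.
PROBE_RE = re.compile(r'^/default\.ida\?(.)\1{99,}(?:%u[0-9a-f]{4}){4,}', re.I)

def is_probe(path):
    """True when the request path matches the probe shape described above."""
    return PROBE_RE.match(path) is not None

def summarize(lines):
    """Return (Counter of probe hits per source host, set of status codes sent back)."""
    hits, statuses = Counter(), set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        host, _method, path, status = m.groups()
        if is_probe(path):
            hits[host] += 1
            statuses.add(status)  # shows how this server answered the probe
    return hits, statuses

# Constructed sample data: shortened request, documentation-range addresses.
PROBE = "/default.ida?" + "N" * 224 + "%u9090%u6858%ucbd3%u7801%u9090%u00=a"
SAMPLE = [
    f'192.0.2.10 - - [19/Jul/2001:19:01:02 -0400] "GET {PROBE} HTTP/1.0" 302 578 "-" "-"',
    f'192.0.2.10 - - [19/Jul/2001:19:04:40 -0400] "GET {PROBE} HTTP/1.0" 302 578 "-" "-"',
    f'198.51.100.7 - - [19/Jul/2001:19:05:13 -0400] "GET {PROBE} HTTP/1.0" 302 578 "-" "-"',
    '203.0.113.5 - - [19/Jul/2001:19:06:00 -0400] "GET /index.html HTTP/1.0" 200 1043 "-" "-"',
    '203.0.113.5 - - [19/Jul/2001:19:06:09 -0400] "GET /default.ida?foo=bar HTTP/1.0" 404 210 "-" "-"',
]

if __name__ == "__main__":
    hits, statuses = summarize(SAMPLE)
    print(f"{sum(hits.values())} probes from {len(hits)} sources, answered with {sorted(statuses)}")
    for host, count in hits.most_common():
        print(f"{count:5d}  {host}")
```

The number of distinct sources is the figure to compare against counts like the "280 machines" and "80 of these entries" reported in the thread.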
