-
Code Red 2
IT WAS NOT IMMEDIATELY clear if the new worm was a variant of Code Red or just a nastier copycat, but security experts have already started calling it Code Red II.
Last week, experts had warned that Code Red’s real danger was that it paved the way for creation of a much more destructive worm that employed Code Red’s successful tactics. Last week’s worm, while a nuisance, generally did nothing more than deface Web sites and attempt to spread itself.
The new worm realizes some of those initial fears. Upon infection, the worm leaves a back door so an attacker — any attacker — could easily enter an infected system and steal data.
“The end result ... is to leave your box wide open to remote connection and total compromise,” wrote Russ Cooper in an analysis of the worm posted to TruSecure Corp.’s NTBugtraq. Cooper moderates the popular mailing list.
In his analysis, Cooper said the only way victims can reclaim a compromised system is to reformat it, essentially wiping it clean.
http://www.msnbc.com/news/606910.asp?0dm=T11OT&cp1=1
A hastily written message on the SANS Institute Web site indicated that Code Red “probes” had increased on Saturday, suggesting a fresh spurt of activity. SANS, a computer security think-tank, had also discovered the new version installs a back door.
“The back door makes a command shell available to any attacker,” SANS said. A command shell gives an attacker a command line, familiar to users of MS-DOS. From a command line, an attacker can issue any command to the computer.
It was unclear early Sunday morning how fast the worm had spread, but anecdotal reports on computer security mailing lists suggest it is successfully propagating at a rate similar to last week’s Code Red outbreak. If that occurs, it would mean hundreds of thousands of Web servers around the Internet would be available to computer criminals for easy break-ins within a few hours.
LAST WEEK’S OUTBREAK
Last week’s Code Red outbreak was considered mostly a dud by general public standards, since there was no impact on overall Internet usage — despite the fact that nearly 300,000 computers were infected
------------------
"Onward Through the fog"
VDR SEARCH
Stings Shack™
-
This is gonna get kinda confusing, but Symantec shows an ID of a third variant as of yesterday.
This was posted this AM:
http://www.symantec.com/avcenter/ven...odered.v3.html
Keep in mind that the original worm is a couple of months old. It runs from the 1st until the 20th of a month, then targets the White House. As fast as it's growing, this could get interesting.
-
-
If an article today is accurate, Code Red 2 looks for new targets more than 4000 percent faster than Code Red. Ouch! No wonder the net seems to be slowing down.
http://www.foxnews.com/story/0,2933,31430,00.html
-
Had so many pings yesterday I finally turned the *&^% alert off--still noticed some real slowdowns though. God help the dude or dudette that started this if they catch him/her....(but not likely).
-
As usual The Register brings up some other points.
http://www.theregister.co.uk/content/4/20841.html
Like a lot of articles, this one is talking about V1 and V2. I think they are actually discussing V2 and V3.
Not too many folks saw the earlier stuff last month. But a fairly popular site was taken down with it, before the latest reports.
So, I agree with John King's chrono.
After the latest barrage in my ISP's domain, Windows failed to recognize my modem, and a reboot was required. Don't know if it's related, but I have never seen that before.
-
speculation.. ram resident.. ms particular server software is affected.
2-3rd red versions if they exist makes good headlines.
my 2 cents.
-
Don't know if it's related to all the activity going on lately (slooooooow downnnnnnns & pages not loading at all). But when I tried to access Symantec 'bout an hour ago all I got was about a dozen pop-up porn sites.
Things that make ya go hummmmmmmmmmmm.
------------------
Si Hoc Legere Scis Nimium Eruditionis Habes.
(translation: If you can read this you're
overeducated)
-
-