Code Red 2

  1. #1
    Join Date
    May 2000
    Location
    Texas
    Posts
    862

    Code Red 2


    It was not immediately clear if the new worm was a variant of Code Red or just a nastier copycat, but security experts have already started calling it Code Red II.
    Last week, experts had warned that Code Red’s real danger was that it paved the way for creation of a much more destructive worm that employed Code Red’s successful tactics. Last week’s worm, while a nuisance, generally did nothing more than deface Web sites and attempt to spread itself.
    The new worm realizes some of those initial fears. Upon infection, the worm leaves a back door so an attacker — any attacker — could easily enter an infected system and steal data.
    “The end result ... is to leave your box wide open to remote connection and total compromise,” wrote Russ Cooper in an analysis of the worm posted to TruSecure Corp.’s NTBugtraq. Cooper moderates the popular mailing list.
    In his analysis, Cooper said the only way victims can reclaim a compromised system is to reformat it, essentially wiping it clean.


    http://www.msnbc.com/news/606910.asp?0dm=T11OT&cp1=1

    A hastily written message on the SANS Institute Web site indicated that Code Red “probes” had increased on Saturday, suggesting a fresh spurt of activity. SANS, a computer security think-tank, had also discovered the new version installs a back door.
    “The back door makes a command shell available to any attacker,” SANS said. A command shell gives an attacker a command line, familiar to users of MS-DOS. From a command line, an attacker can issue any command to the computer.
    It was unclear early Sunday morning how fast the worm had spread, but anecdotal reports on computer security mailing lists suggest it is successfully propagating at a rate similar to last week’s Code Red outbreak. If that occurs, it would mean hundreds of thousands of Web servers around the Internet would be available to computer criminals for easy break-ins within a few hours.

    LAST WEEK’S OUTBREAK
    Last week’s Code Red outbreak was considered mostly a dud by general public standards, since there was no impact on overall Internet usage — despite the fact that nearly 300,000 computers were infected


    ------------------
    "Onward Through the fog"

    "640K ought to be enough for anybody." - - Bill Gates, 1981

    AMAZING TECHS

  2. #2
    Join Date
    Mar 2000
    Location
    League City , Texas
    Posts
    880
    This is gonna get kinda confusing, but Symantec shows an ID of a third variant as of yesterday.

    This was posted this AM:

    http://www.symantec.com/avcenter/ven...odered.v3.html

    Keep in mind that the original worm is a couple of months old. It runs from the 1st until the 20th of a month, then targets the White House. As fast as it's growing, this could get interesting.

  3. #3
    k4
    tech+ ham = dog eatin hog
    Join Date
    Apr 2000
    Location
    Rome, Ga. USA
    Posts
    727
    bump
    The Omnibus Onion________
    Asus something or other, xp2600+, 768ddr, ti 4400, winXP.....
    Kenwood ts-180, carolina windom; instant messaging via f-layer propagation

  4. #4
    Join Date
    Jul 2000
    Location
    by the sea, by the sea...
    Posts
    543
    If an article today is accurate, Code Red 2 looks for new targets more than 4000 percent faster than Code Red. Ouch! No wonder the net seems to be slowing down.
    http://www.foxnews.com/story/0,2933,31430,00.html


  5. #5
    Join Date
    Jul 2000
    Location
    N. Virginia--Wash DC area
    Posts
    10,685
    Had so many pings yesterday I finally turned the *&^% alert off--still noticed some real slowdowns though. God help the dude or dudette that started this if they catch him/her....(but not likely).
    Desktop: Intel i7 960 CPU @ 4.0GHz, EVGA Classified 4-Way SLI mobo, 12GB Corsair Dominator-GT 2000 DDR3 RAM, Crucial RealSSD C300 256GB Solid State Drive, Two WD 2TB SATA drives, 2x EVGA GTX 570 Superclocked graphics cards in SLI, Coolermaster HAF X full tower case, OCZ ZX 1250w PSU, Corsair H100 CPU Cooler
    Laptop: MSI GT60-004US, 2x Seagate Momentus XT 750GB SSD Hybrid drives in RAID 0, 16GB DDR3 1600 RAM, GeForce 670M 3GB graphics card, Networks 'Killer' N-1103 WLAN card

  6. #6
    Join Date
    Mar 2000
    Location
    League City , Texas
    Posts
    880
    As usual The Register brings up some other points.

    http://www.theregister.co.uk/content/4/20841.html

    Like a lot of articles, this one is talking about V1 and V2. I think they are actually discussing V2 and V3.

    Not too many folks saw the earlier stuff last month. But a fairly popular site was taken down with it, before the latest reports.

    So, I agree with John King's chrono.

    After the latest barrage in my ISP's domain, Windows failed to recognize my modem, and a reboot was required. Don't know if it's related, but I have never seen that before.


  7. #7
    Join Date
    Apr 1999
    Location
    N.C. USA
    Posts
    7,776
    speculation.. ram resident.. ms particular server software is affected.

    2-3rd red versions if they exist makes good headlines.

    my 2 cents.

  8. #8
    Join Date
    Jan 2000
    Location
    39:57:22.N 79:54:33.W
    Posts
    518
    Don't know if it's related to all the activity going on lately (slooooooow downnnnnnns & pages not loading at all). But when I tried to access Symantec 'bout an hour ago all I got was about a dozen pop-up porn sites.
    Things that make ya go hummmmmmmmmmmm.

    ------------------
    Si Hoc Legere Scis Nimium Eruditionis Habes.
    (translation: If you can read this you're
    overeducated)

  9. #9
    Join Date
    May 2001
    Location
    USA
    Posts
    757

  10. #10
    Join Date
    May 2000
    Location
    Texas
    Posts
    862
