To: Multiple recipients of list ORACLE-L
Subject: RE: Code Red
Yeah, that's what I read. I had applied the patch and I
don't have Code red
or Code Red II, however it appears that I have something
else. It doesn't
seem to have worked but it looks like someone tried to deface
our website
PROTECTED]]
Sent: 07 August 2001 18:27
To: Multiple recipients of list ORACLE-L
Subject: RE: Code Red
Yeah, that's what I read. I had applied the patch and I
don't have Code red
or Code Red II, however it appears that I have something
else. It doesn't
seem to have worked but it looks
Can read all about sadmind at cert.
http://www.cert.org/advisories/CA-2001-11.html
-Original Message-
From: Kevin Kostyszyn [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 08, 2001 10:11 AM
To: Multiple recipients of list ORACLE-L
Subject: RE: Code Red
Paul,
Thanks
The trouble with code red was that it went through port 80,
which is left
open by firewalls because that is the port used for HTTP pages (WWW).
Closing that would mean no one could access Web pages. So
firewalls won't
help you re. things like that. You can now go through any
ports
Kevin,
don't you loove Uncle Bill's Fine Software?
http://www.google.com/search?hl=ensafe=offq=code+red
( http://www.securityfocus.com/headlines/12142 ,
http://www.digitalisland.net/codered ,
http://www.digitalisland.net/codered/CodeRed.pdf ,
Read
http://aris.securityfocus.com/alerts/codered2/010805-Analysis-CodeRedII.pdf
http://aris.securityfocus.com/alerts/codered2/010805-Analysis-CodeRedII.pdf
Patrice Boivin
Systems Analyst (Oracle Certified DBA)
Systems Admin Operations | Admin. et Exploit. des systèmes
Technology Services
The worm is just memory resident, so a reboot should get rid of it, BUT
without the patch, you'll get it right back.
The problem for the new version is it deposits a trojan backdoor on your
server.
Mcafee dat 4152 is supposed to find the trojan, I'm sure other virus
scanners are releasing
Yeah, that's what I read. I had applied the patch and I don't have Code red
or Code Red II, however it appears that I have something else. It doesn't
seem to have worked but it looks like someone tried to deface our website.
It's just a message that says f--k the us government and f--k
:[EMAIL PROTECTED]
-Original Message-
From: Kevin Kostyszyn [SMTP:[EMAIL PROTECTED]]
Sent: Tuesday, August 07, 2001 2:27 PM
To: Multiple recipients of list ORACLE-L
Subject:RE: Code Red
Yeah, that's what I read. I had applied
Maritimes, MPO
E-Mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
-Original Message-
From: Kevin Kostyszyn [SMTP:[EMAIL PROTECTED]]
Sent: Tuesday, August 07, 2001 2:27 PM
To: Multiple recipients of list ORACLE-L
Subject:RE: Code Red
To: Multiple recipients of list ORACLE-L
Subject:RE: Code Red
Patrice,
I have a friend downstairs who said I should use Fprot to
get rid of this
rogue web page, I am going to download it now. I am interested in
this
TDS-3 program, can
)
-Original Message-
From: Kevin Kostyszyn [SMTP:[EMAIL PROTECTED]]
Sent: Tuesday, August 07, 2001 4:36 PM
To: Multiple recipients of list ORACLE-L
Subject:RE: Code Red
Patrice,
I have a friend downstairs who said I should use
12 matches
Mail list logo
