During this round of Code Red, I've been hit 53 times already. 3 times in just the last 5 minutes. Believe it or not, you're being hit too. It's just that your machines don't log that fact. Mine does, and I'm getting tired of the logs filling with Code Red attempts. Not to worry, it has no other effect on Apache than filling up the log files... except that Code Red is also filling up the internet with useless bandwidth-hogging traffic-jamming garbage.

It could be worse though. At least I'm not being hit as often as this guy!
http://www.linuxplanet.com/linuxplanet/opinions/3647/1/

When someone is running a real network OS, you can usually send an e-mail informing him of the unusual activity coming from his machine. With MickeyMouseSoft, any Win2000 machine on someone's desktop becomes a viral vector, blind and deaf to any incoming helpful hints. In the world of real OS's, one could simply write an autoresponder to e-mail the admin@that address. At Win2000 and NT machines, nobody's listening 99% of the time. Yes, I've scanned many machines that sent me Code Red, and in general none have an SMTP server running. Come to think of it, that's probably just as well. I can just imagine a variant written to take advantage of IIS "open relay" mail servers! Yeah, it's probably just as well that Win2000 and NT machines remain as deaf, dumb and blind as possible. They'll figure out that they've been hit once their web pages inform them that they've been "Hacked by Chinese."

There IS a MickeyMouseSoft patch for this worm. I suppose after a few months enough people will have downloaded and applied it, that the Code Red furor will die down... but guess what. Another exploit in IIS will be discovered by some other cracker, and the next worm could be even more devastating.

I'm going to steal the last line from the article and start using it in my usenet sig file. Maybe if it's repeated often enough, the idea will start to catch on.

"Point is, nothing here is unfamiliar or unexpected.
How long does it take before there's general recognition that Microsoft software has no business on the Internet?"

- Steve

(in case anyone wonders, Code Red exploit follows, line breaks added)

"GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3
%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u909
0%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0"
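Added example, not part of Steve's post: one way to count Code Red probes per source host in an Apache access log and set them apart from ordinary traffic, keyed on the shape of the request quoted above. The function names, the 100-character filler threshold, and the sample log lines (documentation IP addresses, shortened probe, made-up timestamps) are assumptions constructed for illustration, and the filler match accepts any repeated character, which goes slightly beyond the quoted request.

```python
import re
from collections import Counter

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) (\S+)')

# Shape of the quoted request: /default.ida, a long run of one filler
# character, then %uXXXX-encoded words. The 100-character minimum is an
# assumption chosen for this example.
SIGNATURE = re.compile(r'^GET /default\.ida\?(.)\1{99,}.*%u[0-9a-fA-F]{4}')


def split_log(lines):
    """Return (probe count per source host, lines that are not probes)."""
    hits, clean = Counter(), []
    for line in lines:
        m = CLF.match(line)
        if m and SIGNATURE.match(m.group(3)):
            hits[m.group(1)] += 1
        else:
            clean.append(line)  # keep normal and unparseable lines alike
    return hits, clean


def summarize(hits):
    """One line per source host, most active first."""
    return [f"{host}: {n} attempt(s)" for host, n in hits.most_common()]


# Constructed sample input: a shortened probe in the same shape as the
# quoted request, mixed with ordinary requests.
PROBE = "GET /default.ida?" + "N" * 200 + "%u9090%u6858%ucbd3%u7801=a HTTP/1.0"
SAMPLE_LOG = [
    f'192.0.2.10 - - [01/Jan/2001:10:01:12 +0000] "{PROBE}" 404 205',
    '198.51.100.7 - - [01/Jan/2001:10:01:40 +0000] "GET /index.html HTTP/1.0" 200 1024',
    f'192.0.2.10 - - [01/Jan/2001:10:03:02 +0000] "{PROBE}" 404 205',
    f'203.0.113.44 - - [01/Jan/2001:10:04:55 +0000] "{PROBE}" 404 205',
    '198.51.100.7 - - [01/Jan/2001:10:05:01 +0000] "GET /default.ida?help HTTP/1.0" 404 205',
]

if __name__ == "__main__":
    hits, clean = split_log(SAMPLE_LOG)
    print("\n".join(summarize(hits)))
    print(f"{len(clean)} non-probe line(s) kept")
```

The short `/default.ida?help` request stays in the clean set because it lacks the long filler run, so a legitimate or merely curious request for that path is not counted as a worm hit.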
