On Fri, 3 Aug 2001, Steve wrote:

> During this round of Code Red, I've been hit 53
> times already. 3 times in just the last 5 minutes.
> Believe it or not, you're being hit too. It's just
> that your machines don't log that fact.

Code Red I was spreading at an increasing pace:

01 Aug - 15
02 Aug - 23
03 Aug - 30
04 Aug - 36

But since Code Red II came out late yesterday, it seems to have taken another jump in its ability to reach more machines faster. On 05 Aug as of 10:52 am, I'd already had 27 hits consisting of 4 Code Red I hits and 23 Code Red II hits. Code Red II leaves a back door into the compromised machine, allowing almost anyone to have root access to it.

http://www.incidents.org/diary/diary.php

> There IS a MickeyMouseSoft patch for this worm. I
> suppose after a few months enough people will have
> downloaded and applied it, that the Code Red furor will
> die down... but guess what. Another exploit in IIS
> will be discovered by some other cracker, and the next
> worm could be even more devastating.

Wow, and so soon too. The patch for Code Red I is neatly sidestepped by Code Red II, so those dedicated M$ admins who applied the first patch must now apply yet another. It baffles me no end why any webmaster or any kind of sysadmin would put up with this security-by-patch mentality. Of course, being released on the weekend as it was, many webmins won't even realize they're compromised until Monday morning, giving this worm a really great 2-day window of spreading unabated.

(Code Red II follows)

GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u685
8%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u
9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a

-- 
Steve Ackman
http://twovoyagers.com
Registered Linux User #79430
http://www.georgedillon.com/web/html_email_is_evil.shtml

"Point is, nothing here is unfamiliar or unexpected. How long does it take before there's general recognition that Microsoft software has no business on the Internet?"
 - Dennis E. Powell re: Code Red
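
The per-day, per-variant hit counts in the message above can be produced from a web server access log. The following is an added example, not part of the original e-mail: it assumes Apache common log format and that the padding character after /default.ida? distinguishes the variants (N for Code Red I, X for Code Red II, as in the request quoted above). The names classify, tally and SAMPLE_LOG are hypothetical, and the log lines are constructed.

```python
import re
from collections import Counter

# Apache common log format: host ident user [dd/Mon/yyyy:time zone] "request" ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[(\d{2}/\w{3}/\d{4}):[^\]]*\] "([^"]*)"')
# Both variants request /default.ida? followed by a long run of one padding
# character. Assumption: N marks Code Red I, X marks Code Red II.
PROBE_RE = re.compile(r'^GET /default\.ida\?([NX])\1{50,}')
VARIANT = {"N": "Code Red I", "X": "Code Red II"}


def classify(request):
    """Return the variant name for a request line, or None if it is not a probe."""
    m = PROBE_RE.match(request)
    return VARIANT[m.group(1)] if m else None


def tally(lines):
    """Count probes per (day, variant) and collect source hosts per variant."""
    hits, sources = Counter(), {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        host, day, request = m.groups()
        variant = classify(request)
        if variant:
            hits[(day, variant)] += 1
            sources.setdefault(variant, set()).add(host)
    return hits, sources


def _probe(host, day, pad):
    # Constructed log line: padding run plus a shortened tail, not a real capture.
    return (f'{host} - - [{day}:10:00:00 -0400] '
            f'"GET /default.ida?{pad * 224}%u9090 HTTP/1.0" 404 205')


SAMPLE_LOG = [  # constructed; documentation-range addresses
    _probe("192.0.2.10", "04/Aug/2001", "N"),
    _probe("198.51.100.7", "05/Aug/2001", "X"),
    _probe("198.51.100.7", "05/Aug/2001", "X"),
    _probe("203.0.113.5", "05/Aug/2001", "N"),
    '192.0.2.44 - - [05/Aug/2001:10:01:00 -0400] "GET /index.html HTTP/1.0" 200 1043',
]

if __name__ == "__main__":
    hits, sources = tally(SAMPLE_LOG)
    for (day, variant), n in sorted(hits.items()):
        print(f"{day}  {variant:<11}  {n}")
    for variant, hosts in sorted(sources.items()):
        print(f"{variant}: {len(hosts)} distinct source(s)")
```

The per-variant source sets give a list of addresses that are themselves infected hosts, which is what an abuse report to the owning network would need.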
