[40142] in North American Network Operators' Group


Re: Code Red growth stats

daemon@ATHENA.MIT.EDU (John Fraizer)
Thu Aug 2 12:37:57 2001

Date: Thu, 2 Aug 2001 12:37:24 -0400 (EDT)
From: John Fraizer <nanog@Overkill.EnterZone.Net>
To: Sean Donelan <sean@donelan.com>
Cc: nanog@nanog.org
In-Reply-To: <20010802074010.15290.cpmta@c011.sfo.cp.net>
Message-ID: <Pine.LNX.4.21.0108021232230.24518-100000@Overkill.EnterZone.Net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu


On 2 Aug 2001, Sean Donelan wrote:

> 
> On Wed, 01 August 2001, k claffy wrote:
> > also by AS and per country as of 20:00 GMT
> > http://worm-security-survey.caida.org/AS_summary.txt
> 
> So much for China's claim they didn't have any infected computers.
> It looks like the worm doesn't discriminate based on political
> system.
> 

I believe that the worm checked to see if the operating system was "US
English" and if so, it would deface the webpage.  If not, it would simply
start its scanning/dDoSing.  At least, that's what I gathered from eEye's
advisory.

Also note that them showing up in the caida.org summary indicates scanning
activity from China and not defacements.  So, China's claim may be
partially true.  They might not have had any defacements.  (On non-US
English systems)


---
John Fraizer
EnterZone, Inc


