[40263] in North American Network Operators' Group
Re: CodeRedII worm..
daemon@ATHENA.MIT.EDU (mike harrison)
Sun Aug 5 11:10:21 2001
Date: Sun, 5 Aug 2001 11:09:31 -0400 (EDT)
From: mike harrison <meuon@highertech.net>
To: "Valdis.Kletnieks@vt.edu" <Valdis.Kletnieks@vt.edu>
Cc: "nanog@merit.edu" <nanog@merit.edu>,
"bugtraq@merit.edu" <bugtraq@merit.edu>,
"incidents@merit.edu" <incidents@merit.edu>
In-Reply-To: <200108050828.f758SRv10569@foo-bar-baz.cc.vt.edu>
Message-ID: <Pine.LNX.4.10.10108051107420.8587-100000@home.highertech.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
> worm creates a known backdoor. I'm certain that both the CodeRedII author
> and other black hats would love for us to compile a list of afflicted hosts
> for them to use.
They have a few 'friendly' webservers collecting addresses
just like we do. Everyone on the 'net with a sniffer or web log now
has such a list. It's a good thought though.
