[40480] in North American Network Operators' Group
Re: Code Red 2 cleanup; reporting..
daemon@ATHENA.MIT.EDU (mike harrison)
Fri Aug 10 00:13:47 2001
Date: Fri, 10 Aug 2001 00:09:44 -0400 (EDT)
From: mike harrison <meuon@highertech.net>
To: "Christopher A. Woodfield" <rekoil@semihuman.com>
Cc: Mathias Körber <mathias@koerber.org>,
"z@s0be.net" <z@s0be.net>, "nanog@nanog.org" <nanog@nanog.org>
In-Reply-To: <20010809132803.C20909@semihuman.com>
Message-ID: <Pine.LNX.4.10.10108100007050.14898-100000@home.highertech.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
> FWIW, I just tried to telnet to the 20 most recent hosts I got Code Red II
> probes from, and didn't get a shell prompt on any of them. Are people
> cleaning up their boxes that quickly?
I have been told, but not personally confirmed, of non-IIS
machines being infected with CodeRed (I or II not known, assume II).
Infection method: running a file from somewhere? They still scan out
and seek victims, just no webserver running.