[21685] in bugtraq
Re: Full analysis of the .ida "Code Red" worm.
daemon@ATHENA.MIT.EDU (Laurence Hand)
Thu Jul 19 21:23:15 2001
Message-ID: <3B5770C8.4856618D@co.la.ca.us>
Date: Thu, 19 Jul 2001 16:44:08 -0700
From: Laurence Hand <lhand@co.la.ca.us>
MIME-Version: 1.0
To: Marc Maiffret <marc@eeye.com>
Cc: BUGTRAQ <BUGTRAQ@securityfocus.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Did anyone else see that one of Microsoft's windowsupdate.microsoft.com
servers got bit by this worm? It went away when we refreshed the screen
and presumably rolled over to another server, but it is definitely on at
least one of their servers.
I know MS watches this list, so I hope they will be checking their
servers before this starts the DDOS tomorrow.
Marc Maiffret wrote:
>
> The following is a detailed analysis of the "Code Red" .ida worm that we
> reported on July 17th 2001.
>
<snip>
