[21696] in bugtraq
Re: Mitigating some of the effects of the Code Red worm
daemon@ATHENA.MIT.EDU (Vincas Ciziunas)
Fri Jul 20 01:13:01 2001
Date: Fri, 20 Jul 2001 00:09:55 -0400 (EDT)
From: Vincas Ciziunas <fizban@tamos.net>
To: LARD BENJAMIN LEE <Benjamin.Lard@Colorado.EDU>
Cc: BUGTRAQ <BUGTRAQ@securityfocus.com>
In-Reply-To: <Pine.GSO.4.33.0107191753150.14342-100000@ucsub.colorado.edu>
Message-ID: <Pine.LNX.4.33.0107200008490.9010-100000@apoc.tamos.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Thu, 19 Jul 2001, LARD BENJAMIN LEE wrote:
> What I'm getting at, is for someone to create another exploit that creates
> the C:\notworm file in infected machines and does something to
> notify whoever is in charge of a particular box (even something as simple
> as placing you_are_hacked.txt and a link to the patch on the desktop could
> be beneficial). Even better, an exploit to patch a machine (through
> removing the .ida and .idq extensions) would prevent the inevitable wave
> of post-attacks (both from this worm and future attacks).
The only problem I forsee with that course of action is that for a while,
this worm may clog the networks up just as badly as Code Red.
-------------------------------------------------------------------------------
--Vincas Ciziunas--
(College Student, Linux Geek, Music Nut, Virginian)
fizban@tamos.net vciziuna@gmu.edu fizban@paulvi.net
http://www.tamos.net/~fizban
"There's nothing worse in the world than an angry tree," --Bob Ross
-------------------------------------------------------------------------------
