[21698] in bugtraq
Re: Full analysis of the .ida "Code Red" worm.
daemon@ATHENA.MIT.EDU (Pierre Vandevenne)
Fri Jul 20 01:14:21 2001
From: "Pierre Vandevenne" <pierre@datarescue.com>
To: "Laurence Hand" <lhand@co.la.ca.us>, "Marc Maiffret" <marc@eeye.com>
Cc: "BUGTRAQ" <BUGTRAQ@securityfocus.com>
Date: Fri, 20 Jul 2001 04:08:06 +0200
Reply-To: "Pierre Vandevenne" <pierre@datarescue.com>
In-Reply-To: <3B5770C8.4856618D@co.la.ca.us>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-ID: <99559213401@datarescue.be>

On Thu, 19 Jul 2001 16:44:08 -0700, Laurence Hand wrote:
>Did anyone else see that one of Microsoft's windowsupdate.microsoft.com
>servers got bit by this worm? It went away when we refreshed the screen
>and presumably rolled over to another server, but it is definitely on at
>least one of their servers.

Confirmed. Here's a "souvenir":

http://www.datarescue.com/fprot/virinfo/hackedbychinese.gif

This DOES raise some pretty fundamental questions about the security of
all the infrastructure, because, in theory, the compromised servers
_could_ have been exploited more extensively and _could_ be delivering
nastily compromised stuff around. I have no reason to believe it has
happened, but still...

---
Pierre Vandevenne - DataRescue : home of the IDA Pro Disassembler
Advanced tools for the IT Security Industry. www.datarescue.com/idabase/
SM CF and MS Picture Recovery Software www.datarescue.com/photorescue/