  Steve SAS-70 is extortion Consultant join:2001-03-10 Tustin, CA
| Busy busy busy
The first public report that I've been able to find of the Code Red II web server log signature was found right here at DSL Reports in this thread: http://www.dslreports.com/forum/remark,1224346;root=security,1;mode=flat . Since I had just written my websnarf tool, I checked my own system and found not only the web signature but a copy of the worm itself. Then it all started.
I knew that others would be doing the detailed analysis -- the boys at eEye are really good at this -- but I decided to do an ongoing update as well. BugTraq was strangely quiet for 12 hours on this, so DSLReports was one of the better places to go for Code Red II information for most of Saturday.
What a weekend.
Steve -- Stephen J. Friedl / Software Consultant / Tustin, California USA / www.unixwiz.net |
|
  mjf " " Premium,Mod join:2000-08-05 New Orleans, LA clubs: | All I can say is that it is great to have you with us! |
|
  mr sean Professional Infidel Premium,ExMod 2001-07 join:2001-04-03 N. Absentia clubs: | A job well done Steve. Nice to have that kind of knowledge and dedication made available. -- furiosus et melancholicus |
|
 Anon | reply to Steve Thank you thank you thank you.
As a technical support supervisor for a broadband company, I have already dealt with several customers who have been infected by the latest round of the CRWv2. Thanks for the in-depth analysis which I made a mandatory read by my techs.
Excellent write up!
Thanks again |
|
  jaykaykay 4 Ever Young Premium,MVM join:2000-04-13 Scottsdale, AZ
·Speakeasy
edited
| reply to Steve Take off a little time for a good game of tennis. You've been hard at work for the benefit of many. Now it's time to rest a little on your laurels and relax for a moment or 2. Thanks for the great education and all the hard work. [text was edited by author 2001-08-06 20:30:03] |
|