[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Fw: CodeRedII worm..

-----Original Message-----
From: Valdis.Kletnieks@xxxxxx <Valdis.Kletnieks@xxxxxx>
To: nanog@xxxxxxxxx <nanog@xxxxxxxxx>; bugtraq@xxxxxxxxx
<bugtraq@xxxxxxxxx>; incidents@xxxxxxxxx <incidents@xxxxxxxxx>
Date: Sunday, August 05, 2001 4:30 PM
Subject: CodeRedII worm..

|Given that initial analysis of the CodeRedII worm indicates that it leaves
|a backdoor laying around, I hereby request that those people who made
|lists of infected hosts available last time *NOT* do so again.
|Although said lists *were* helpful in the analysis and study of the worm's
|tactics, the benefits are certainly outweighted by the fact that the new
|worm creates a known backdoor.  I'm certain that both the CodeRedII author
|and other black hats would love for us to compile a list of afflicted hosts
|for them to use.
|So please everybody - if you're sending IP's in to be added to a table,
|make sure you're sending them to a white hat, not to a black hat who's
|managed to social-engineer you.  If you're a white had compiling a list,
|make sure the guy's hat is at least a light grey before you give them
|a copy. ;)
| Valdis Kletnieks
| Operating Systems Analyst
| Virginia Tech