
Anyone Else Get Hit By Code Red II ?

We were hit by this virus probably either Friday or Monday. be a good little admin and (3:00pm est mon aug 06 2001) patch your damn server! Closing the loophole In order to protect their systems, network administrators need to remove the "back door" from their systems and reformat and reinstall all the software on the computer — As I said, I am no virus expert, but I can bet my boots that there is no danger in that site. Regards Martin · 2001-Aug-7 6:37 am · OzarkMan$join:2000-12-22Ozark Mtns.

That can be a problem for cable networks, which share bandwidth, since a slowdown in one part of the system can affect everyone on it, experts said. "Rarely, if ever, do Another version of the worm has hit an estimated 540,000 computers since Aug. 1, but many of those likely are reinfections of the same computer. But "2" and "II" sound the same over the phone, so many are calling this "CRv3" even though it's a new worm and not a variant. all of these open connections and simultaneous hits causing the server's cpu load to spike, its memory to fill up and the server will begin ignoring legitimate requests and/or lock up https://forums.techguy.org/threads/anyone-else-get-hit-by-code-red-ii.52745/

One theory is that since so many IDS -- Intrusion Detection Systems -- are set up to look for the existing NNN pattern, the different one would be more likely to or if ms were to write something like that, would it bring the company even worse pr than the viruses / worms / trojans / what-have-you that its software enables? Too late :-( It's clearly possible for Code Red II to infect a machine that already has any of the original variants.

Interesting! · 2001-Aug-7 8:58 am · ryanjcolejoin:2000-10-25Minneapolis, MN

ryanjcole to Steve Member 2001-Aug-7 9:09 am to Steve »www.qwest.com/dsl/custom ··· rus.html Qwest announced today that Code Red is hitting our DSL Routers.

when it begins to attack servers with large numbers of ips (256 - shared servers) it opens port 80 connections to all ips on the shared server at the same time. The final cost could eventually top the estimated $8.7 billion in estimated damages from last year's Love Bug virus, the company said. they seem to be back up but things are running a bit slow. - by nom$kissass clueless it people? (12:39am est tue aug 07 2001)1) a non-it person is running indexing

Note that all of these leave my site, and unless my link is actually broken, kindly contact the remote site owners if you have issues with their pages: Excellent and definitive i got over 500 in less than 24 hrs. http://www.nipc.gov/warnings/assessments/2001/01-018.htm Rollin' Rog, Sep 6, 2001 #2 marioh Thread Starter Joined: Jul 24, 2001 Messages: 541 Anyone who has Win2K AND IIS installed and hasn't patched their PC's with the i'm sure that the (undeniably) clever people who write viruses and stuff are just doing so to show off their skills.

I saw this awhile ago and came to the conclusion that NAV doesn't like the word "PoizonBOx" because of its relation to hacking... i notice geek.com was forced to change hosts a few days ago. Joe Hayes, co-CEO at Media3 Technologies LLC, a Web site hosting business in Pembroke, Mass., said his company was hammered last weekend by scans coming in at a rate of thousands

but cause the log was getting filled up heaps, i cleared the log. Hopefully it will make it a little bit better for everyone else. is it me, or did it all the sudden get *REALLY* quiet? Last code red hit I got on my apache box was at 20:05 EST. MediaOne pulled the plug on port 80!

When running the "strings" command on this binary we see:

    GET /default.ida?XX{220 x X}XX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801\
    %u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0
    Content-type: text/xml
    Content-length: 3379
    CodeRedII <--- hence the name: Code Red II
    F4)E Th~f Th~f

The existing CodeRed Removal Tool will correctly detect and remove this new variant. Rense.com 'Code Red II' - A Meaner Internet Worm By Elinor Mills Abreu 8-7-1 SAN FRANCISCO (Reuters) - A smarter and nastier version of the ``Code Red'' worm is spreading This new worm has the string "CodeRedII" inside, which obviously suggested a name as well. The reason is that the machine probing you is so busy doing so, the web server won't accept any web requests (either "regular" requests or "fixit" requests).

Download and install the following Microsoft security patch to address this problem and stop the Trojan from re-infecting the computer: http://www.microsoft.com/technet/sec.../MS00-052.asp. Anyone with info it would be much appreciated. · 2001-Aug-7 11:37 am · Hutch3Premium Memberjoin:2000-10-14australia


but the first public report I know of on DSL Reports in this posting. this is a management issue - why are they still here? Port 35072 activity Update: Patrick Schaaf (bof at bof.de) points out that stealth will aggravate the trouble transparent web proxies already have, with their connection caches filling up faster than normal usage.

Update: - there are credible reports that this worm also infects the Personal Web Server in Windows 2000 Professional. very sloppy….

- by keith soleil virus (3:20pm est mon aug 06 2001)should have released crii first. if you knew it you'd know these things. - by australgeek here is how one major hosting service describes the effect of code red (1:51am est tue aug 07 2001)code red very few calls with people mentioning sircam when in fact for a week or so, the majority of the customers with any kind of email issues either had sircam or were being

the method of spreading is more aggressive than that used in the code red worm, and crii also installs a trojan that could allow affected systems to be easily compromised in In addition, CodeRed.F creates a file detected as Trojan.VirtualRoot. there were two ip addresses but here is one of them that's stored in my ip tracer. BUT: if a machine inside a firewall is cracked through NAT, it will simply go nuts inside the company firewall as it tries to scan the private range (192.168.X.X or 10.X.X.X).

i have NAV2001 with Web filtering enabled. The patch can be found at http://www.microsoft.com/technet/sec.../MS01-033.asp. is it because they only know how to read teleprompters & don't research anymore? - by oididit® codered vs sircam (5:29pm est mon aug 06 2001)i think the media is concentrating Steve Friedl's Unixwiz.net Tech Tips Analysis of the new "Code Red II" Variant

The virus doesn't discriminate against home users. code red ii infected over 250,000 computers running microsoft's iis webserver in just a few hours. the real creators must be… the manufacturers of mountain dew!

think of it. The worm generates a target address that depends on a random number and the user's IP address. [SEE BELOW - got the details wrong] Localhost (127.X.X.X), multicast (224.X.X.X) and the machine

the ip is different but here it is. hope someone figures out what's happening and fixes it soon. hey, i just recovered my log file. and 2 never got touched today.... Update: 1819 PST - The worm queries and sets a "global atom" of the name CodeRedII. Trojan.VirtualRoot gives the hacker full remote access to the Web server.

sorry i couldn't post a link, if i find the article about the case i will send it. - by enginerd in training numbers (3:09pm est mon aug 06 2001)250,000 infected or demand that it people have iq above 50. DShield.org - where to send your web server logs.

It is a daunting task to combat the new generation of computer security threats – new and advanced variants of Trojans, as well as spyware (both hardware and software) and “bombs