Slashdot Mirror

← Back to Stories (view on slashdot.org)

Code Red Back For More

Posted by timothy on from the more-bells-more-whistles dept.

Brian Stretch writes: "The Code Red II worm was unleashed early this morning and appears to be very different than the original and far more dangerous. CR2 infected servers only attack servers within their Class A address block and their Class B address block in particular: since 9:11am EST I've logged 148 CR2 attack attempts, 89 of which are from within my Class B subnet, suggesting that only servers within Class A networks that were deliberately seeded are being attacked. The 24.x.x.x range is one of the hardest hit, and as before, it's folks with cable modems and DSL connections that are providing the most victims." Several @home customers have written about slowed service today, but they're definitely not alone.

4 of 866 comments (clear)

  1. One monkey, one hour by grammar+fascist · · Score: 1, Flamebait

    The biggest problem I see is that any idiot can set up an IIS server.

    I went to a training class once on IIS - we put in the CD, clicked "OK" a lot, and we had a web server! W00t! With an Apache installation on *nix, you have to know more. This keeps the intelligence level higher on the world's collective Apache admins. (And before you bring it up - yes, I am worried that Linux might go the same way.)

    I've checked my logs and found the majority of attempts coming from sprintbbd.net. Now, it is VERY unlikely that real businesses with real, paid administrators get their connection from Sprint Broadband. (For one thing, the upload is capped at around 30k/sec.) I'll bet the majority of them are home user admin wanna-be's who run a pirated version of IIS. The chances are they don't know or don't care that they've been infected. (Or maybe they forgot that they installed a web server?)

    That's frightening. That leads me to believe that this worm will never go away. As long as there are enough monkeys, it'll stick around.

    --
    I got my Linux laptop at System76.
  2. Re:A few more details:It's a root trojan by ihawk · · Score: 0, Flamebait

    Hey don't worry about it man, I've got a couple of machines trawling through the address space doing deltrees on these motherfuckers. Screw NT and 2k, install Linux!

    And just how does that make you any different than the assholes who released this crap? You are damaging other people's property. Trying to disinfect might be considered acceptable self-defense. Destroying someone's filesystem after a virus left their system open is just opportunistic bullying like the scum who tried to rob the guy in San Jose after he got hit by a bus.

    Jackal.

  3. MSNBC Coverage by bloodgodjoe · · Score: 0, Flamebait

    I wonder why MSNBC isn't doing a major story on this.. Gee, I can't figure it out.. I'm just waiting for the headline stories about Microsoft's heads up coding preventing any worm like this from happening again 3 days before the next one strikes..

  4. Re:Would you like some cheese to go with your whin by cybrthng · · Score: 2, Flamebait

    waaaa waaaaa if no one asked why, then we wouldn't be here