Code Red Back For More
Brian Stretch writes: "The Code Red II worm was unleashed early this morning and appears to be very different than the original and far more dangerous. CR2 infected servers only attack servers within their Class A address block and their Class B address block in particular: since 9:11am EST I've logged 148 CR2 attack attempts, 89 of which are from within my Class B subnet, suggesting that only servers within Class A networks that were deliberately seeded are being attacked. The 24.x.x.x range is one of the hardest hit, and as before, it's folks with cable modems and DSL connections that are providing the most victims." Several @home customers have written about slowed service today, but they're definitely not alone.
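The per-subnet tally the submitter describes, sketched as an added example that is not part of the original story or comments. It assumes a web server access log in Common Log Format and an observer address of 10.20.30.40; the log lines are constructed, with shortened padding and no payload.

```python
import ipaddress
import re
from collections import Counter

# Source address, then the padding letter repeated at the start of the query.
# N padding was reported for the original Code Red, X padding for Code Red II.
REQ = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET /default\.ida\?([NX])\2{3,}')
VARIANT = {"N": "Code Red", "X": "Code Red II"}

def locality(src, observer):
    """Place src relative to the observer's /16 ("Class B") and /8 ("Class A")."""
    addr = ipaddress.IPv4Address(src)
    for prefix, label in ((16, "same /16"), (8, "same /8")):
        if addr in ipaddress.ip_network(f"{observer}/{prefix}", strict=False):
            return label
    return "elsewhere"

def tally(lines, observer):
    """Count default.ida probes by (variant, locality of the source)."""
    counts = Counter()
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue  # ordinary traffic, not a default.ida probe
        try:
            where = locality(m.group(1), observer)
        except ValueError:
            continue  # logged client is a hostname, not an IPv4 address
        counts[(VARIANT[m.group(2)], where)] += 1
    return counts

# Constructed sample lines, not taken from any real log.
SAMPLE = [
    '10.20.1.5 - - [04/Aug/2001:09:12:01 -0400] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 205',
    '10.20.200.9 - - [04/Aug/2001:09:13:44 -0400] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 205',
    '10.99.3.3 - - [04/Aug/2001:09:15:10 -0400] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 205',
    '192.0.2.7 - - [04/Aug/2001:09:16:02 -0400] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 205',
    '198.51.100.4 - - [04/Aug/2001:09:17:30 -0400] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 205',
    '10.20.1.5 - - [04/Aug/2001:09:18:00 -0400] "GET /index.html HTTP/1.0" 200 1024',
    'host.example - - [04/Aug/2001:09:19:00 -0400] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 205',
]

if __name__ == "__main__":
    for key, n in sorted(tally(SAMPLE, "10.20.30.40").items()):
        print(key, n)
```

A high share of "same /16" entries among the Code Red II rows is the pattern the submitter reports (89 of 148 attempts from his own Class B).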
Errrr.... More things named in my honor... This can't be good!
:-P
If worms start popping up with Linux4Green (my ICQ nick) then I know I'm bad luck.
--
CodeRed, the lower user #. No relation to SirCam.
Should read: Several @Home users reported that everything was moving along normally. Most of their friends giggled and left the room.
one better than mcleodeight
What the fuck? What the fuck is going on? How the fuck is it that I can have old ladies calling me up at work (tech support for an ISP) and asking if the reason they can't pick up their email is because of the Code Red worm, 'cos they saw the press conference and, hey, they're wondering, and something like 105,000 separate IP addresses are still infected? Did the rapture happen when I wasn't looking, and God took the people responsible for these computers, those left behind couldn't find the passwords anywhere? How is this possible?
(I know, I know; not everyone lives w/in viewing distance of CNN, default installations of MS whatever -- but still, this absolutely amazes me.)
Carousel is a lie!
...Pick any one.
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
Wow, Cox has deployed IPv6 already? ;)
As long as they don't change that to the worth of their software, or $5 US, whichever is more.
--I assume full responsibility for my actions, except the ones that are someone else's fault.
...and I want to know if I'll get spanked for sending my log (367 entries and growing quite quickly) of these default.ida? requests to abuse@microsoft.com ;-)
I prefer the thing I've heard pool players say. It's a combination shot, so they "combinate".
This next song is very sad. Please clap along. -- Robin Zander
Taken from http://www.securitynewsportal.com/article.php?sid=1354&mode=thread&order=0.
Code Red--the soda--has been spreading almost as fast as its namesake computer worm, which has infected hundreds of thousands of computers to date. The caffeine-laden, cherry-flavored version of its pale-yellow cousin, Mountain Dew, was released in May, months before the Code Red worm threatened to clog Internet traffic. And as computer security experts work to contain the damage from the Code Red worm, the soda's maker, Pepsi, is coincidentally featuring a "Crack the Code" contest on the Mountain Dew Web site.
Code Red has been an especially big hit with computer programmers, who often guzzle the high-octane drink to fuel late-night code-writing sessions. Among the drink's fans were the staff of eEye Digital Security, who say they identified the Code Red worm and named it after their favorite soda.
The rest of the story can be found on http://www.securitynewsportal.com/article.php?sid
It's funny. Laugh. Please?
I hereby propose we adopt your post as a convention.
We can thus encode "war stories" about the latest [worm/virus/trojan] as follows, saving Slashdot a fortune in bandwidth charges.
For instance, I can now describe my evening as follows:
"IIS. Code Red II. flaw. IIS. doesn't. FreeBSD. 429. worms. thousands. Apache. Apache. FreeBSD. company. worm. 6.2MB."
-S
--- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
Man, I'm glad that I'm not using Minesweeper. This new virus exploits an unexploded mine in Minesweeper, and it does use Outlook and the stupidity of users. Luckily, I'm running OpenMine, so I'm not at risk. In fact, OpenMine has protected me from 2^37-302 virii. And just look at the millions of dollars that I've saved using OpenMine. I hope that this OpenMine takes off, along with OS/2. Unfortunately, my doghouse has to pay for the stupidity of Microsoft: this virus sucked 212 nibbles of bandwidth!
"Evil company X is threatening to restrict our rights! Let's all get together to stop--OOOH! SHINEY!!!" -- AC
Well, with everyone feeling the need to chime in about what ranges they see like we did when we were taking bets if school would be canceled, I just felt like saying:
Nothing from the 192.168.0.x range here!!
=)
Wheeeee
Modify the code red code to apply the security patch to the vulnerable IIS servers and reboot the system? While this is potentially destructive to your system (I'm told -- MS security patches and all that) it would pretty well take care of this problem...
Nah, this will just make the sysadmins even lazier.
SysAdmin #1: Dude, your NT machines are all infected with Code Red!
SysAdmin #2: I know! I'm just waiting for them to be infected with the fix... should be any day now...
"And like that
Someone should copyright the "code red algorithm".
Or maybe patent it. Also how about sending the BSA after anyone running it without a licence.
WHY do I have to pay extra for the functionality of NOT being susceptible to virii and net attacks?
:-p
Actually, you don't. Linux is free
We don't have a state-run media we have a media-run state.
Look at his street address...
This guy's computer is infected and attacking me every 10 minutes or so. I went to his web page and found this resume which indicates the guy is a Windows2000 expert and Network Technician!
Bah, what a waste. Screw that, here are some other things you should do along with your white hat program:
1. Distribute Elcomsoft's e-book reader to all compromised boxes; search for any Adobe e-books and write out a plaintext copy.
2. Append the code to DeCSS to all Word documents on the box.
3. Modify the code to only patch the box when Dmitry is finally released from jail.
4. Install Linux; reboot.
5. Install BSD; reboot.
6. Configure box to DoS MS's IIS patch servers; condemn MS for making patches inaccessible.
7. Script all boxes to respond to /. stories with one of two comments: "dammit, this is a duplicate! Here is the original at goatse.cx", or "Katz iz 4 t00l!!!1@". :)
8. Install SETI; add the box to your team; brag about your high score.
Note: these are jokes. Please, please, do not do these things. Especially because if you do, the feds will come knocking on my door.
Wouldn't the best and quickest fix be to telnet into the machines and give 'em the old:
c:\deltree windows
Maybe we could even install scripts on our own servers to automatically do this each time we receive a new attack. Automated windows repair solutions.
Dozings.com -- It's kinda funny... If you're as crazy as me.
Man, I'm glad that I'm not using [Microsoft Product]. This new [virus/worm/trojan] exploits a [flaw/bug/backdoor] in [Microsoft Product], and it [does/doesn't] use Outlook and the stupidity of users. Luckily, I'm running [Free alternative to Microsoft product], so I'm not at risk. In fact, [Free alternative to Microsoft product] has protected me from [any integer over 200] [viruses/worms/trojans]. And just look at the [hundreds/thousands/millions/billions] of dollars that I've saved using [Free alternative to Microsoft product]. I hope that this [Free alternative to Microsoft product] takes off, along with [free alternative to Microsoft OS]. Unfortunately, my [company/home] has to pay for the stupidity of Microsoft: this [virus/worm/trojan] sucked [250KB/250MB/250GB/250TB] of bandwidth!
My range, I don't seem to find anything coming from 127.x.x.x and I installed CodeRedII myself.