Slashdot Mirror


Code Red Back For More

Brian Stretch writes: "The Code Red II worm was unleashed early this morning and appears to be very different than the original and far more dangerous. CR2 infected servers only attack servers within their Class A address block and their Class B address block in particular: since 9:11am EST I've logged 148 CR2 attack attempts, 89 of which are from within my Class B subnet, suggesting that only servers within Class A networks that were deliberately seeded are being attacked. The 24.x.x.x range is one of the hardest hit, and as before, it's folks with cable modems and DSL connections that are providing the most victims." Several @home customers have written about slowed service today, but they're definitely not alone.

4 of 866 comments

  1. Not 'Hacked by Chinese?' by cybermage · · Score: 2, Redundant

    I've gone and hit the addresses showing up in my logs and I haven't seen the tell-tale 'Hacked by Chinese' message. Seems like the new Code Red also leaves the default site at the IP address alone, making it less obvious that a server is infected. Joy.

  2. Re:that's what i thought by Magic5Ball · · Score: 0, Redundant
    Fsck he's busy :-)

    2416418hfc132.tampabay.rr.com - - [05/Aug/2001:03:13:37 -0600] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858 %ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u 8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00 =a HTTP/1.0" 404 2911 "-" "-"
    --
    There are 1.1... kinds of people.
  3. The request by ConsumedByTV · · Score: 2, Redundant
    Here is the request I was hit with:

    "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858% ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc bd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531 b%u53ff%u0078%u0000%u00=a HTTP/1.0"


    So does this do anything differently?
    --


    "Not my manner of thinking but the manner of thinking of others has been the source of my unhappiness." - M
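
An added example, not part of the thread or of the mirrored page: Python that flags the `/default.ida?` probes quoted in the comments above in an Apache access log and buckets each source by whether it shares the server's Class A (/8) or Class B (/16) block, the tally described in the story summary. The server address, the sample lines and the 100-character padding threshold are constructed assumptions; the N-padded case covers the original Code Red, which goes beyond the X-padded requests shown here.

```python
import ipaddress
import re
from collections import Counter

# Apache common/combined log prefix: client, ident, user, [time], "request"
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)"')
# /default.ida? followed by a long run of one padding letter. The requests in
# the thread pad with X; the original Code Red padded with N.
# The minimum run length of 100 is an assumption chosen for this example.
PROBE_RE = re.compile(r'^GET /default\.ida\?(?P<pad>X{100,}|N{100,})')
VARIANT = {"X": "code-red-ii", "N": "code-red"}

def classify(line, server_ip):
    """Return (variant, locality) for a probe line, or None for other traffic."""
    m = LOG_RE.match(line)
    probe = m and PROBE_RE.match(m.group("req"))
    if not probe:
        return None
    variant = VARIANT[probe.group("pad")[0]]
    try:
        src = ipaddress.IPv4Address(m.group("src")).packed
    except ipaddress.AddressValueError:
        return variant, "unresolved"  # log holds hostnames, not addresses
    srv = ipaddress.IPv4Address(server_ip).packed
    if src[:2] == srv[:2]:
        return variant, "same-/16"    # same "Class B" block as the server
    if src[0] == srv[0]:
        return variant, "same-/8"     # same "Class A" block only
    return variant, "other"

def summarize(lines, server_ip):
    """Count probes per (variant, locality) pair."""
    return Counter(r for r in (classify(l, server_ip) for l in lines) if r)

def _line(src, pad, n=224):
    # Constructed log line; the payload is cut to a short prefix of the one quoted above.
    return (f'{src} - - [05/Aug/2001:03:13:37 -0600] "GET /default.ida?'
            f'{pad * n}%u9090%u6858%ucbd3%u7801=a HTTP/1.0" 404 2911 "-" "-"')

SERVER_IP = "10.20.30.40"  # constructed address for the logging server
SAMPLE = [                 # constructed sample log, not taken from the page
    _line("10.20.99.1", "X"), _line("10.20.3.7", "X"), _line("10.77.1.1", "X"),
    _line("192.0.2.10", "N"), _line("host.example.net", "X"),
    '10.20.5.5 - - [05/Aug/2001:03:14:00 -0600] "GET /index.html HTTP/1.0" 200 512 "-" "-"',
]

if __name__ == "__main__":
    for key, count in sorted(summarize(SAMPLE, SERVER_IP).items()):
        print(count, *key)
```

Logs written with hostname lookups enabled, like the line quoted in comment 2, land in the `unresolved` bucket and need the client address recovered before the locality split means anything.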
  4. Re:Something that should happen more often. by tswinzig · · Score: 3, Redundant

    Ha ha, that was funny! Of course we know worms never infect unix or open source systems!

    --

    "And like that ... he's gone."