Slashdot Mirror

← Back to Stories (view on slashdot.org)

Code Red II: Shells for the Taking

Posted by CmdrTaco on from the it-keeps-getting-more-and-more-comical dept.

sigurdur writes "It seems there is a new and more malicious version of Code Red out there. This one seems to try and copy cmd.exe into a position where it is accesible to us all - the scripts directory. So far I have seen it reported on the intrusions-list at incidents.org where they also just put up a notice about this third generation Code Red worm." I still think sircam is more annoying since it affects every email user, and not primarily poorly administered websites. But imagine how much bandwidth Code Red and Sircam have wasted in the last few weeks?

14 of 602 comments (clear)

  1. Re:Origin of Code Red? by BalDown · · Score: 2, Funny

    Actually, yes it is based on Code Red Mountain Dew, and Pepsi evidentally didn't regard it as negative advertising, as last week they shipped over tons of cases of Code Red MD to the EEye team that named it.

    --
    You wasted packets to get this lousy sig.
  2. Re:Someone needs to write by Grishnakh · · Score: 2, Funny

    No, someone needs to write a strand that simply shuts down (or better yet wipes out the hard drives of) MS IIS servers. They're a hazard to everyone else on the internet and should be removed.

  3. CodeRed2 Explorer for your viewing pleasure by leonbrooks · · Score: 3, Funny
    It's a bit slap-dash, but here's CodeRed2 Explorer for your PHP-enabled web server. No need for Telnet, even: explore Windows-land a click at a time from the comfort of your browser. (-:

    PLEASE MIRROR THIS and post your mirror URLs in reply to this message (subject Mirror of CodeRed2) since that server is a club server, low bandwidth, low budget. But very secure (Debian on Sparc and well maintained :-)

    SlashDot (the pikers )-: wouldn't let me post directly to this page.

    --
    Got time? Spend some of it coding or testing
  4. I'm waiting for......... by Veachian64 · · Score: 0, Funny

    the CodeCam worm, a virus that sends private documents on your computer to IIS webservers and posts them on the web.

  5. Code Red Infects Slashdot! by Mdog · · Score: 5, Funny

    It's gotten to the editors! It's everywhere! It causes itself to be posted multiple times per day! Hide the women and children!

    --
    Slashdot 's editors are dickheads
    1. Re:Code Red Infects Slashdot! by CodeRed · · Score: 1, Funny

      I have been here a while my friend.

      I think for my next amazing trick, I'll send a bit of news about Code Red from CodeRed.

      --

      --
      CodeRed, the lower user #. No relation to SirCam.
  6. Finger of God by LinuxHam · · Score: 2, Funny

    Time the long-awaited "Finger of God" script. Fdisk 'em!

    --
    Intelligent Life on Earth
  7. Not a bug by Mike+Schiraldi · · Score: 5, Funny

    I've always wanted to be able to telnet into my Windows box. Where can i get this virus?

    --

    --
    Mod up a post Rob doesn't like and you'll never mod again

  8. CmdrTaco runs Windows by �nubis · · Score: 3, Funny

    I still think sircam is more annoying since it affects every email user

    Every email user?!? CmdrTaco must run Windows. Let's get him!

  9. Ummm, no actuall by kfg · · Score: 4, Funny

    If you take the water away completely and hold the frog over the heat sorce itself it will roast.

    Sorry, I'm "in a mood" today and I couldn't help myself.

    Still, it's interesting. If you put the frog in cold water and slowly turn up the heat what it will do, being cold blooded, is go to sleep long before it dies and *poaches.*

    What is the relevance and why should anyone care? Lobster.

    The correct way to cook a lobster, not matter what *anyone* tells you, is to put it in cold water and bring the heat up. The lobster relaxes and goes to sleep before it cooks.

    If you just dump it in hot water it goes " Eeeeeeeeeeee," tightens up all of its muscles and pumps lactic acid throughout its system before it dies.

    Starting in cold water is both more humane and results in quite noticably tastier lobster.

    KFG

  10. Re:The Breaking Point by Saint+Nobody · · Score: 3, Funny

    yeah, i laughed when i got a port 80 hit from cust2120.EzSecureHosting.com it's apparently not as secure as they would have people think, so customer 2120 could probably sue them.

    and microsoft has the same "we make no guarantees" clauses that free software licenses have, so either the case would be dismissed, or clauses like that would be ruled illegal, which could be bad for free software, unless they only made it illegal to attach those clauses to commercial software

    --
    #define F(x) int main(){printf(#x,10,#x);}
    F(#define F(x) int main(){printf(#x,10,#x);}%cF(%s))
  11. In other news... by wrinkledshirt · · Score: 2, Funny

    ...timothy and cmdr Taco both showed up to work today wearing matching golf shirts and Dockers pants. Upon further inspection, it was determined that they also had the exact same type of socks, shoes, and belts (they stopped short of comparing underoos). At some point, Hemos was quoted as saying, "You know, I think you two should talk to each other before coming in to work."

    --

    --------
    Bleah! Heh heh heh... BLEAH BLEAH!!! Ha ha ha ha...

  12. Re:Now that I've got access to hundreds of boxes by Anonymous Coward · · Score: 2, Funny
    White hat way:
    GET /scripts/root.exe?\c start [helpful info site]
    GET /scripts/root.exe?\c net send 127.0.0.1 You have Code Red! Patch your webserver, dammit!

    Black hat way:
    GET /scripts/root.exe?\c start http://goatse.cx/
    GET /scripts/root.exe?\c net send 127.0.0.1 j00 h4v3 b33n 0wn3d by [your name here]! u sux0r! 1 r0x0r!
    GET /scripts/root.exe?\c echo h4x0r3d by [your name here] > ..\index.html

    Weirding Way:
    GET /scripts/root.exe?\c start [Dune website]
    GET /scripts/root.exe?\c net send 127.0.0.1 We've got wormsign!

  13. Re:File download script by spectral · · Score: 1, Funny

    forget another worm, just make a counter-attack, not a counter-worm. you're scanned. In retaliation, fix it. Self-defense argument anyone?