Slashdot Mirror


Code Red III

drcrja was the first to send us this brief bit about Code Red III which is apparently faster and more vicious than its entertaining predecessors. I'm still wondering what I should do with the hundreds of IPs in my desktop's apache log trying hopelessly to overflow my buffer.

9 of 759 comments

  1. Who's at fault here? by Hygelac · · Score: 1, Redundant

    Well, contrary to what I've seen most people saying, I don't think it's Micros~1's fault. It's the administrator's responsibility to stay current. Laying this episode solely at the feet of Micros~2 is unfair. Yes, it's one of many exploits found in IIS, but NT admins, just like *nix and *BSD admins, have to be on their toes. IMNSHO, the Code Red episodes only show that thousands of NT admins are lazy morons.

    --
    -- Grow up and use mutt.
  2. OK let's shut down infected boxes - by Ozric · · Score: 1, Redundant

    Why can't we use the open cmd.exe to shut down the IIS service on the infected boxes? I would like to know how to take control of an infected box and do just that. I don't know if it would be legal, but clogging up my connection with crap and not patching your server is just as bad. What is stopping us? Someone post how to do it please, I will shut down all the boxes attacking me and if enuff people do it, we might just stop this bitch.

  3. At the risk of being redundant.. by citizenc · · Score: 0, Redundant

    .. why doesn't somebody just code up a worm similar to Code Red, but one that applies the IIS server patch? It could be done anonymously, just like the worms are.. I'd do it myself, but I'm not a coder. =/

    1. Re:At the risk of being redundant.. by Anonymous Coward · · Score: 1, Redundant

      I know it's bad to say, but maybe it's time to write one that wipes the systems of the people who haven't patched yet. Some people really should learn about computer security the hard way.

  4. Code Red IV by drift+factor · · Score: 1, Redundant

    It's only a matter of time before CR4 hits, monopolizing off of CR2's success, and filling our web logs with GET /scripts/root.exe hits.

  5. Please by Tebriel · · Score: 0, Redundant

    As a personal favor... PATCH YOUR FSCKING SERVER! Thanks.

    --
    The Blaster Master Fighting for Truth, Justice, and Evil Pie since 1979
  6. Copycats by Wind_Walker · · Score: 0, Redundant

    This is getting a bit ridiculous. First it was Code Red, which was actually a pretty nice piece of code. Then Code Red II, which was a hack job by somebody who barely knew how to use a text editor. Now we have Code Red III? I'm willing to bet that it's an even worse job than II!

    This is the same damn thing that happened to the I Love You worm that spread around. About a week after it was calmed down, some 1337 5kr1p7 K1dd13 got a hold of it and changed 2 lines, re-releasing it. Stupid copycatting, that's all it is.

    I'm willing to bet that whoever edited the virus this time is reading slashdot right now and is getting a boner off the fact somebody submitted it (if he didn't submit it himself).

    Get over it. Code Red is dead. And all the editing and all the 1337 references in the world are not going to help it; just let it die.

  7. Details? by agusus · · Score: 0, Redundant

    That Cnet article isn't very descriptive... does anyone know the details on it... what is a "wider" back door - how much wider could it get?

  8. Linux to the rescue? by small_dick · · Score: 0, Redundant

    I have heard the affected machines have a r00t kit installed.

    If so, I wonder if some white hats could write a script that:

    1) detects an attack;
    2) goes into the Windows machine;
    3) installs the MS patch;
    4) reboots the Windows machine.

    That, although technically illegal, would help clean up the problem, no?

    --
    Treatment, not tyranny. End the drug war and free our American POWs.
    See my user info for links.