Re: Code red II propagation.
On Sun, Aug 05, 2001 at 04:54:23PM +0300, Haim Gelfenbeyn wrote:
> Yotam,
> I think you meant "backdoor" and not "trojan". Now, if you already know
> that, why are you posting a list of compromised servers? To make it easy
> even for script kiddies who do not have access to web server logs?
Well, not exactly. They also have a couple of backdoors, but the worm's 'main'
defense against annoying administrators is a binary called explorer.exe, which
can be considered a trojan, I was referring to that.
BTW, the script kiddies don't really need access to web server logs, they
can just use netcat, that should do the trick. There's really no harm in
publishing such information, it's publicly available anyway.
Regards, Yotam Rubin
>
> > -----Original Message-----
> > From: linux-il-bounce@cs.huji.ac.il
> > [mailto:linux-il-bounce@cs.huji.ac.il] On Behalf Of Yotam Rubin
> > Sent: Sunday, August 05, 2001 4:35 PM
> > To: linux-il@linux.org.il
> > Subject: Code red II propagation.
> >
> >
> > Greetings,
> >
> > With the new worm out there, also known as Code Red II it is very easy
> > to determine which hosts in Israel are infected. Just for the sake of
> > gloating, I've provided the following list of infected hosts in Israel:
> > (Obviously, this is far from definitive, this is only what appears in
> > my logs)
> >
> > I think we can determine the approximate number of infected hosts in
> > Israel with enough data, what are you seeing?
> > Oh yeah, BTW, the new worm also leaves a nice little trojan on the
> > infected host so any little script kiddie can just grep his logs and
> > find machines to abuse.
> >
> > Regards, Yotam Rubin
> >
> > =================================================================
> > To unsubscribe, send mail to linux-il-request@linux.org.il with
> > the word "unsubscribe" in the message body, e.g., run the command
> > echo unsubscribe | mail linux-il-request@linux.org.il