[rescue] [OT] CodeRed activity?

Phil Brutsche rescue at sunhelp.org
Sat Aug 4 22:17:12 CDT 2001


On 04 Aug 2001 22:56:03 -0400, Adam Kropelin wrote:
> Folks, I've been seeing a major increase in CodeRed scans here today (not 
> that Apache cares...) -- about one every 1-2 minutes (to one given IP) as 
> opposed to one an hour up until this afternoon. Looks like the new variant 
> "XXXX" too.

Yep.  The talk on various SecurityFocus mailing lists indicates that
this is a new worm; or, at least a variant.  The exploit is the same but
the actual worm code is very different.

> Scans exclusively are coming from 24.x.x.x range while previous days
> they came from all over.

Ditto.  I've seen several hundred attempts from 24.22/16 since 9AM CST.
Good god, I'm >this< close to getting more hits from this one today
than the other two variants did over a two week period...

Sometimes I feel sorry for the folks who run IIS.

-- 

Phil



