Latest CodeRed variant, Day Two

Latest CodeRed variant lacks built in obsolescence. Same old tricks with moderate-to-low risk worm [The Register] Saw a couple hits in the web server log yesterday: GET /default.ida followed by a slew of NNNNNNN’s. If you didn’t see hits in your logs (you do read your logs daily, don’t you?), perhaps you’d better check to make sure you’re not infected. – France, ADSL – Taiwan – Digital Solutions, San Jose

and on the second day, – a customer of DataPipe of Hoboken, NJ – a customer of HSE, Kingston, Ontario, Canada – a repeat, from above. Five times. – XO Communications, seven times. – Bell Nexxia, Toronto, Ontario, Canada – SBC Internet of Meriden, CT

So, I went from three to sixteen attacks in a single day. Hysterial media would predict the end of the world by the end of the week. Me, I think I’ll just send email to the abuse aliases for the clients I can find.

Thanks to the ARIN WhoIs for the lookups.

Powered by WordPress. Designed by Woo Themes

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.