[lug] Fwd: New worm on the loose (Code Rainbow?)
Tony Dyson
the_anorak at worldnet.att.net
Sun Sep 23 08:00:10 MDT 2001
Before Nimda arrived, when CodeRed had already been heavily publicized
for weeks, we were still getting a couple of thousand attempts per day
showing in the snort logs. Nimda bumped that figure to over 10,000 for
the first couple of days.
There are evidently a *lot* of IIS servers out there that are
effectively permanent zombies. The people who own (sic) them don't know,
or care, what's happening on their servers. They haven't patched them
yet, which means they're probably never going to. That these boxes are
easy for the maliciously inclined to identify just makes things worse.
More information about the LUG
mailing list