CodeRed Replication

    500 infections total so far on one of my externally-facing machines, 376 of them in the past 24 hours. The remaining 124 hits were stagnant for two weeks. I can’t believe Microsoft is touting that there haven’t been any newly infected computers in 72 hours.

    Grab this IIS Shutdown Countermeasures cgi script and help try to stop the replication.

    I’m working on an update to patch these servers at request time. NT and Windows 2000 both have tftp clients. All I need to do is set up a tftp server on my box, and use root.exe to grab the patch from my tftp server and install it. Need to test that first though.

    I posted an interesting conspiracy theory on this one (09/05/2001: updated link because Slashdot changed their comment URI format).

    We could have infected every vulnerable machine in the world in 15 minutes if it were written a bit differently.

    I get DSL (finally!) and now every provider is under a Denial of Service attack thanks to CodeRed and SirCam. Lovely. Back to dialup performance on a DSL connection.

    Microsoft: What was that you were saying again about Linux being viral?

    Oh wait, if we all ran WinXP, this probably wouldn’t have happened, right?


    Much more work to be done on too many projects.

