[Gllug] Code Blue - is it true?
Ian Northeast
ian at house-from-hell.demon.co.uk
Fri Sep 7 19:37:55 UTC 2001
jim wrote:
>
> On Fri, 7 Sep 2001, Rev Simon Rumble wrote:
> > Could well be true. My log files sure do have a bunch of these from
> > the last 24 hours:
> > 203.249.133.72 - - [07/Sep/2001:18:39:37 +1000] "GET
> > /default.ida?XXXXXX ...
>
> Nah, that's Code Red II.
>
> Great Yahoo! article, isn't it? "But the Code Red II worm faded away as
> people downloaded free patches from the Microsoft Web site which plugged
> the hole the worm used to enter computers." Yup, Microsoft save the day
> again. Hurrah for Bill! Quite apart from the spin it's JPNT ... code red
> II has certainly not faded away yet.

It was falling off last time I looked. I was getting 60/day at one
point, and it went down to 30/day. It's a few days since I checked, it's
getting boring:)

> "the Code Red worm and successors known as Code Red II and SirCam were
> still under investigation." SirCam's an Outlook virus, shorely, and is
> completely different.

It is indeed. I was treated to my first taste of SirCam the other day
BTW. Someone I have never heard of sent me it, so I replied suggesting
he get a virus checker[1], and 6 hours later he sent me another copy:)

> Anyway, it's the first I've heard about any Code Blue. I keep half an eye
> on Bugtraq but I haven't noticed anything there about it. Smells a little
> fishy to me ...

There's an entry on securityfocus but it's just a link to the Yahoo
article. Nothing I can see about what the worm looks like or any real
detail at all. The statement about SirCam does not lend credibility to
the article, does it?

Regards, Ian

[1] yes, I did remove the virus from my reply
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug