Fwd: [suse-security] Antwort: Re: [suse-security] Web server attacks

(Courriels de diversion: <retardions@epaula-violentees.com> <combinais@reinvesti-amadouerait.com> <depeigne@rodailler-agrement.com> <crachez@inexpliques-versees.com> <recensera@pavanerait-peuplerions.com> <entêterais@ballets-constants.com> <gronderais@apprêterai-bricole.com> <craindrions@suffocations-bifurquerez.com> <calligraphiant@persevererions-sertissiez.com> <bloqueront@edifierez-media.com> )

To: Liste linux-31 <linux-31@CULTe.org>
Subject: Fwd: [suse-security] Antwort: Re: [suse-security] Web server attacks
From: jdd <jdanield@dodin.net>
Date: Tue, 7 Aug 2001 20:20:48 +0200

un virus nommé code red (en fait un vers), monopolise en ce moment une bonne 
partie de la bande passante internet. Ci joint un lien pour ceux que ca 
intéresse

(nb: aucun danger pour linux - worm lié à IIS le serveur microsoft)
jdd

----------  Message transmis  ----------
Subject: [suse-security] Antwort: Re: [suse-security] Web server attacks
Date: Tue, 7 Aug 2001 16:36:42 +0200
From: christian.burri@synecta.chTo: suse-security@suse.de

There is more info about the code red worm available at:

     http://www.eeye.com/html/Research/Advisories/AL20010717.html

including a full analysis and disassembled code (link on the page).

HTH

Chr. Burri

    .-.
    /v\    L   I   N   U   X
   // \\   >I know Kung Fu!<
  /(   )\
   ^^-^^



                    Sven Michels
                    <smichels@int        An:     Dmitriy Melihov <admin@esolutions.com.ua> radat.com>           Kopie:  suse-security@suse.de Thema:  Re: [suse-security] Web server attacks 07.08.2001
                    16:17

Dmitriy Melihov wrote:
> Here is cut from my error_log:
> [Mon Aug  6 11:28:38 2001] [error] [client 61.129.67.225] File does not

exist: /usr/local/apache/htdocs/default.ida

> [Mon Aug  6 11:33:11 2001] [error] [client 194.247.87.239] Client sent

malformed Host header

> and so on repeating lines 1 and 2, but 2nd more often.
>
> Please let me know where I can read more about this worm.

thats code red, we've about 5000-8000 hosts a day trying to
'exploit' a webserver in our class c ... f*cking iis...

Sven
--
intraDAT AG                     http://www.intradat.com
Wilhelm-Leuschner-Strasse 7         Tel: +49 69-25629-0
D - 60329 Frankfurt am Main       Fax: +49 69-25629-256

--
To unsubscribe, e-mail: suse-security-unsubscribe@suse.comFor additional commands, e-mail: suse-security-help@suse.com





--
To unsubscribe, e-mail: suse-security-unsubscribe@suse.comFor additional commands, e-mail: suse-security-help@suse.com
-------------------------------------------------------

-- 
<http://www.dodin.net> <mailto:jdanield@dodin.net>WHO'S THAT GUY ? Help me found it
Russia & South america help needed
http://www.dodin.net/serge/index.html


---------------------------------------------------------------------
Aide sur la liste: <URL:mailto:linux-31-help@CULTe.org>Le CULTe sur le web: <URL:http://www.CULTe.org/>