Frozen Fido : RU.NETHACK : Re: Worms

ru.nethack

 
 - RU.NETHACK -------------------------------------------------------------------
 From : 3APA3A                               2:5020/400     14 Mar 2003  14:38:50
 To : Fedor Kudryashev
 Subject : Re: Worms
 --------------------------------------------------------------------------------

 Hello, Fedor!
 You wrote to All on Fri, 14 Mar 2003 10:57:04 +0300:
 
  FK> Hello all.
 
  FK>    В последнее время наблюдается повышенная активность чего-то, что
  FK> шлёт запросы типа
 
  FK> 194.85.98.134 - - [13/Mar/2003:18:32:16 +0300] "GET
  FK> /default.ida?
  FK> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  FK>
 
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXX
 
  FK>
 
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXX
 
  FK> %u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
  FK> u7801%u9090%
  FK> u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
  FK> HTTP/1.0" 404 279 "-" "-"
  FK> Активность невысокая, но разброс источников географически весьма
  FK> широк.
 
 From: Russ <Russ.Cooper@RC.ON.CA>
 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>
 Date: Tuesday, March 11, 2003, 9:27:32 PM
 Subject: Alert: New Code Red F worming its way through the 'net
 
 ===8<==============Original message text===============
 FYI, at 10:15am EST this morning WormCatcher detected a new variant of
 Code Red, called Code.Red.F, worming its way through hosts from Finland,
 the U.S., and Australia. Since then it has continued, slowly, infecting
 more hosts around the globe.
 
 The infection method is the same as the original Code Red, so the
 protections are the same;
 
 - Remove IIS from the box completely
 - Remove Script Mappings, particularly .IDA mappings
 - Patch (MS01-033)
 
 Too bad ISPs don't block access to attacking IIS boxes the way they did
 with Slammer. This version appears to eliminate or change the drop-dead
 date that previous versions of Code Red had.
 
 If you're interested in WormCatcher, check out;
 
 http://www.ntbugtraq.com/wormcatcher.asp
 
 Cheers,
 Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
 "My thoughts are facts in my world, opinion to you. YMMV"
 
 oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
 Delivery co-sponsored by TruSecure
 oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
 FREE 14-DAY TRIAL of New Threat & Vulnerability Notification Service
 
 TruSecure's new IntelliShield(tm) web-based threat and vulnerability
 service isn't your typical alert service. Supported by TruSecure's vast
 intelligence resources - including the ICSA Labs - IntelliShield's early
 warning, analysis, decision support, and threat management tools provide
 organizations with unmatched intelligence to better protect critical
 information assets. Experience it for yourself - just click below to begin
 your FREE, NO OBLIGATION 14-day trial today!
 
 http://www.trusecure.com/offer/s0074/
 
 oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
 ===8<===========End of original message text===========
 /3APA3A
 http://www.security.nnov.ru
 --- ifmail v.2.15dev5
  * Origin: Demos online service (2:5020/400)

Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор

Тема:	Автор:	Дата:
Re: Worms	3APA3A	14 Mar 2003 14:38:50

Архивное /ru.nethack/6577da1231b9.html, оценка 3 из 5, голосов 10