This is the sadmind worm.

> -----Original Message-----
> From: Scott Wunsch [mailto:bugtraqtracking.wunsch.org]
> Sent: Wednesday, August 01, 2001 1:07 PM
> To: incidentssecurityfocus.com
> Subject: A new Code Red variant
>
>
> Glancing at my Apache logs, I noticed what looked like a
> typical Code Red
> hit at 11:50:59 CST from 61.141.213.162 (which resolves to a
> name in .cn).
> I fired up my web browser and pointed it at that IP,
> wondering whether it
> was defaced by CRv1, or looked normal (i.e., CRv2).
>
> It appears likely to be defaced, all right, but not with the
> usual CRv1
> message. Could we have yet another new strain out there?
>
> In case the box has been cleaned up, I mirrored the defaced page at
> <http://www.wunsch.org/mirrors/codered/>. The text is as
> follows, in red
> on a black background:
>
> > fuck CHINA Government
> >
> > fuck PoizonBOx
> >
> > contact:sysadmcnyahoo.com.cn
>
> --
> Take care,
> Scott \\'unsch
>
> ... St... St... Stu... St... Stuttering Ta... Tagline.
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]