From: Marc Maiffret (marcEEYE.COM)
Date: Fri Jul 20 2001 - 18:27:58 CDT

    In an effort to help administrators find all systems within their network
    that are vulnerable to the .ida buffer overflow attack, which the "Code Red"
    worm is using to spread itself, we have decided to release a free tool named
    CodeRed Scanner. It can scan a range of IP addresses and report back any IP
    addresses which are vulnerable to the .ida attack, and susceptible to the
    "Code Red" worm.

    The program will allow you to either scan a single IP address or a Class C
    (254) set of IP addresses. It will output a list of IP addresses which can
    be double-clicked on to get information on how to patch your system from the
    .ida vulnerability and to eradicate the "Code Red" worm from your system.
    Also, this is a program you get to install on your own computer so you do not
    have to go to a website and register to scan 1 IP address at a time etc...
    like some of the other scanners we have seen that scan for the CodeRed Worm.

    We are able to remotely scan IP addresses (web servers) for the .ida
    vulnerability (CodeRed Worm) without having to test your system via a buffer
    overflow, which can bring your web server down. Instead we use a technique
    which we have taken from Retina that allows CodeRed Scanner the ability to
    test a web server remotely, without causing any harm to it. This allows us
    to see if the .ida patch is installed or not (if the server is infected or
    susceptible to infection).

    To download CodeRed Scanner go to:
    http://www.eeye.com/html/Research/Tools/codered.html

    Signed,
    Marc Maiffret
    Chief Hacking Officer
    eEye Digital Security
    T.949.349.9062
    F.949.349.9538
    http://eEye.com/Retina - Network Security Scanner
    http://eEye.com/Iris - Network Traffic Analyzer
    http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities
