Code Red III 759
drcrja was the first to send us this brief bit about Code Red III which is apparently faster and more vicious than its entertaining predecessors. I'm still wondering what I should do with the hundreds of IPs in my desktop's apache log trying hopelessly to overflow my buffer.
Versions of the worm... (Score:5, Funny)
Code Red: Microsoft Strikes Back
Code Red: Return of the Virii
Code Red: The Not-so Phantom Menace
And finally...
Code Red: Attack of the Clones
Re:Finally (Score:2, Funny)
I knew our machines got Code Red (Score:1, Funny)
I want Code Red IV myself... (Score:4, Funny)
Not bad, but... (Score:1, Funny)
I've got a virus on my machine (Score:2, Funny)
None of my antivirus software packages seem to be able to detect it, though
So hard to keep up (Score:5, Funny)
Tnks.
Re:Back Door? Somebody call the Goatse.cx guy! (Score:2, Funny)
Well, suppose we had this giant electronic speculum ;-)
Re:As with the parent, so with the child. (Score:2, Funny)
As with the parent, so with the child. (Score:5, Funny)
Saddens me though (Score:5, Funny)
We seem to have a good ways to go befoer everything that runs on Winblows will also run on Linux
Re:More information? (Score:5, Funny)
What they are calling CodeRed III is really CodeRedII with a better IP selection routine.
Still has the XXX and installs the backdoor
Now incidents.org is recommending that the compromised machines, which have installed backdoors, format their c drive and reinstall
We can do it for them...
GET
huh .. when does the prequel come out ? (Score:2, Funny)
then they could do some prequels 10 years later
codered IV: A new hope
codered V: The code strikes back
codered VI: Return of the code
...
codered I: The iis menace.
Ok. Here's better names. (Score:1, Funny)
Code Red: The Phantom Worm.
Code Red II: Attack of the Clone
Code Red III: Media's Imagination
Code Red IV: A New Worm
Code Red V: The Worm Strikes Back
Code Red VI: Return of the Worm
Like a Movie ... (Score:2, Funny)
From the article (Score:1, Funny)
Ah, so Windows NT or 2000 are vulnerable too, uh? God, I love proper journalism.
Serious blow to open source & free software (Score:5, Funny)
Re:Buffer overflow vulnerabilities (Score:1, Funny)
Not Legal : Patent Problem (Score:2, Funny)
If you did that, you would run afoul McAffee's Patent on Web based virus removal and system administration.
Is this a trick from Hollywood? (Score:1, Funny)
Re:Better Names (Score:2, Funny)
Thanks for the suggestion (Score:3, Funny)
OK, it will be ready in an hour, just got to build the array handler routine.
Finally (Score:5, Funny)
Dissection of Code Red versions...a timeline: (Score:1, Funny)
V1.1: Enhanced code
V2: Back door "feature"
V3: Faster attack "feature"
V3.1: Faster attack and multiple backdoor "feature"
------Today: Slashdot reports Code Red V4
V4: Failed version, the worm can't infect other systems, author too dumb to put dots in IP address
V5: Total code rewrite, GNU licensed, autopatch feature (downloads a copy of bsd or linux and installs it on the NT box)
V5.1: Faster reinstall (err....patch), now the user can select wich OS/distribution.
------Next Week:Meanwhile, Microsoft patents the "Internet Worm" concept.
V6: Final release, the worm now infects the victim's server and start to post comments in Slashdot about Code Red...
If the log hits aren't for you, do the right thing (Score:4, Funny)
It's just common courtesy provided it isn't a competitors site.
So what you do is set up a script to pull each individual Code Red transaction out of your logs and send an email to support@microsoft.com with a message similar to the following:
A user at IP address x.x.x.x was trying to contact you and got my IP address by mistake. I know how important the needs and desires of your customers are to Microsoft, so I was certain you would want to know about this as soon as possible.
Re:More information? (Score:4, Funny)
Other people keep referring to CodeRed III, or CodeRed3. I *think* they are all talking about CodeRed II. We have yet to verify any fourth version.
For people who are asking in other threads here, CRv1 and CRv2 uses NNNNNNNN's in their URL. CodeRed II uses XXXXXXXXXX's.
Honestly, if we can keep PacMan, Ms. PacMan, PacMan Jr., PacLand, and SuperPacMan distinct, why not the Code Red names?
In any case, if someone is able to translate
this link [mic.go.kr]
That would be a huge help.
More info on Code Red III (Score:4, Funny)
If you see a message on the boards with a subject line of "Hi, how are you," delete it immediately WITHOUT reading it. It is "Code Red III". This is the most dangerous virus yet. It will re-write your hard drive. Not only that, but it will scramble any disks that are even close to your computer (up to 20 feet). It will recalibrate your refrigerator's coolness setting so all your ice cream melts and milk curdles. It will demagnetize the strips on all your credit cards, reprogram your ATM access code,screw up the tracking on your VCR and use subspace fieldharmonic to scratch any CDs you try to play.
It will give your ex-boy/girlfriend your new phone number. It will program your phone autodial to call only your mother's number. It is insidious and subtle. It is dangerous and terrifying to behold. It will mix antifreeze into your fish tank. It will drink all your beer.It will hide your car keys when you are late for work and interfere with your car radio so that you hear 1940's hits and static while stuck in traffic.
It will give you nightmares about circus midgets. It will replace your shampoo with Nair and your Nair with Rogaine, all while dating your current boy/girlfriend behind your back and billing their hotel rendezvous to your Visa card. It will seduce your grandmother. It does not matter if she is dead, such is the power of "Code Red III", it reaches out beyond the grave to sully those things we hold most dear.
It will rewrite your back-up files, changing all your active verbs to passive tense and incorporating undetectable misspellings which grossly change the interpretation of key sentences.
"Code Red III" will give you Dutch Elm disease. It will leave the toilet seat up and leave the hairdryer plugged in dangerously close to a full bathtub. It will wantonly remove the forbidden tags from your mattresses and pillows,and refill your skim milk with whole. "Code Red III" is an evil virus conceived by evil people. It is also a rather interesting shade of mauve. These are just a few signs. Be very, very afraid. PLEASE FORWARD THIS MESSAGE TO EVERYONE YOU KNOW!!!
Re:Version 3? Don't think so. (Score:2, Funny)
Re:Serious blow to open source & free software (Score:2, Funny)
Re:Code Red (I,II,III) Fix for Apache webservers (Score:2, Funny)
I tried redirecting it and it didn't work.
Re:More information? (Score:4, Funny)
We can do it for them...
GET
Okay. So, I'll put up a disclaimer on www.glowingplate.com that any connection attempts by machines infected with Code Red will be met with an HTTP request to $HOSTNAME/script/root.exe?+%2fc+format+c.
Set up Lynx into a little script, log the confirmed kills to my log printer, and all is good legally because of the disclaimer. One would hope.
Interesting Irony (Score:5, Funny)
Who's calling Whose code "Potentially Viral"?