Curious HTTP GET commands ...

Seth Gordon sethg at ropine.com
Mon Aug 6 14:05:18 EDT 2001


   Meanwhile, I've noticed that sometimes the  GET  requests  include  a
   long  string  of X's, and other times with a long string of N's.  Are
   these two clones of CodeRed?

(Disclaimer: All I know about this is what I read on Slashdot.)

There are two CodeRed viruses: The N's are the original version, the
one that puts up the "hacked by Chinese" message and tries to pull a
DDOS attack against whitehouse.gov.  The X's are the new version,
which tries to set up a rootshell on the infected machine.

-- 
"Rav would never cross a bridge when an idolator was on it; he said, 'Maybe he
will be judged and I will be taken with him.'  Shmuel would only cross a
bridge when an idolator was on it; he said, 'Satan cannot rule two nations [at
once].'  Rabbi Yannai would examine [the bridge] and cross."  --Shabbat 32a
== Seth Gordon == sethg at ropine.com == http://ropine.com/ == std. disclaimer ==
-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).



More information about the Discuss mailing list