
[cobalt-security] Re: Codered2 and winnuke



But even codered.c (coderedII) stops propagating if the machine is rebooted.
It only leaves the backdoor and does not leave any onload commands. The
backdoor does not need to be run every time the computer boots, because it
is only a copy of command.exe in the script directory of IIS. In my opinion
it seems that the programmer already has an idea of his next virus. He has
limited this virus to run only until October 2001. I wonder what his next
one is?
Gareth
Quote:
----
Code Red v2 does write info to disk to install its back door...
Or at least moves files around the hard drive to make the back door, and
even a reboot won't clean your system completely..  It also writes to the
registry so the back door is opened every time the machine boots..
----