[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Fw: Codered2 and winnuke
- Subject: [cobalt-security] Fw: Codered2 and winnuke
- From: "Gareth" <garth@xxxxxxxxxxxxxxx>
- Date: Fri, 10 Aug 2001 10:42:56 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
----- Original Message -----
From: "Gareth" <garth@xxxxxxxxxxxxxxx>
To: "Gareth" <garth@xxxxxxxxxxxxxxx>
Sent: Friday, August 10, 2001 10:37 AM
Subject: Re: Codered2 and winnuke
> Sorry, I have just rechecked the sites I originally got my iformation
from,
> and the virus does leave an onload, to set a mapping into the %systemroot%
> from the IIS server.
> Gareth
>
> From: "Gareth" <garth@xxxxxxxxxxxxxxx>
> Sent: Friday, August 10, 2001 10:30 AM
> > It only leaves the backdoor and does not leave any onload commands. The
>
>