securityfocus.com has several variants that use the same vulnerability as code red, some of them are not as "nice" as code red. By nice i mean they 0wn the box, instead of a trivial defacement. -ajb On Sat, Aug 04, 2001 at 10:48:09PM -0400, Jeff Ogden wrote: -> ->Do we know if anyone has looked at the code for variants of the worn ->in detail recently? I've seen announcements about new versions with ->better random IP address generation. Does anyone know if other ->aspects of the worm are the same? Is it still set to spread itself ->until the 19th and then switch to attacking the IP address that was ->once www1.whitehouse.gov or are their variants with different dates ->and different IP address or attack scenarios? -> -> -Jeff -> ->At 4:57 PM -0700 8/4/01, Lou Katz wrote: ->>I'm seeing about 2:1 "XXXXXXXXXXXX" vs "NNNNNNNNNNNN" entries in today's logs. ->> ->>Also, I have over a factor of 20 more entries in Aug than in July. ->> ->>-- ->> ->> ->>-=[L]=- ---end quoted text--- -- Andrew Barros <abarros@tjhsst.edu> PGP Key Fingerprint: D3B8 0800 C45A 143E 5CF0 E112 0A1B AB36 B655 1FB8