FWIW, I just tried to telnet to the 20 most recent hosts I got Code Red II probes from, and didn't get a shell prompt on any of them. Are people cleaning up their boxes that quickly?

-C

On Thu, Aug 09, 2001 at 02:19:19PM +0800, Mathias Körber wrote:
Is there an effort abound that would allow for lists of verified 'Code Red 2' infected hosts to be reported for cleanup/mitigation? By known 'Code Red 2' infected hosts, I mean that root.exe has been found to exist on the host.
Finding the contact information for a lot of these is proving difficult being that a fair amount of the infected machines are Joe Blow broadband customers.
Publishing such lists is IMHO not a good idea, as these hosts are vulnerable and publishing their addresses would only serve to let more crackers know where to go..
--
---------------------------
Christopher A. Woodfield rekoil@semihuman.com
PGP Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB887618B