Code Red Sniffer
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 7 Aug 2001 23:45:09 -0700
Hello weary Code Red battlers,
I've created a script that searches your system to sniff out the Code Red
worm. Since I had to help a hapless friend who's web farm was destroying
itself, I had to make the search a little more streamlined.
It does:
1. find the (presently) known droppings Code Red leaves in its wake
2. leave a log file on your system as "C:\CodeRed_insp_<MachName>.log"
3. tell you if definitely identifies Code Red
It DOES NOT:
1. say that Code Red is NOT on your system
2. attempt to clean Code Red from your system; this is a box-flattening
worm
Since Code Red is known to sleep for at least 24 hours before trashing your
box, you should run this script at least daily for the next several days to
see if anything new shows up.
It ain't much, but it's something, anyway... Good luck to all.
Jim Harrison
MCP(2K), A+, Network+, PCG
Other related posts:
