Dave Sherman <dsherman at real-time.com> wrote:
> 
> Anybody hear of a new worm based on Code Red? This guy that I am talking
> to seems to think so.

Yes, I just got two copies this morning.

It appears to be pretty insidious, spreading like Code Red, but also over
e-mail.  It may spread over SMB shares as well.  Looks like it also wreaks
hell on the registry

This is just a quick analysis using `strings'.  It's entirely possible
that portions of it don't work.

-- 
 _  _  _  _ _  ___    _ _  _  ___ _ _  __   "Every time I've built 
/ \/ \(_)| ' // ._\  / - \(_)/ ./| ' /(__   character, I've  
\_||_/|_||_|_\\___/  \_-_/|_|\__\|_|_\ __)  regretted it." 
[ Mike Hicks | http://umn.edu/~hick0088/ | mailto:hick0088 at tc.umn.edu ]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20010918/3dbd4e72/attachment.pgp