Incidentally, the X ones outnumber the N ones, 337 to 188 as of this moment. The first X one was at 00:05:02 NZST today. Which means that variant seems to be much more active, I guess.
It's a new worm using the same infection vector. It is a lot more aggressive, and uses the fact that machines near to itself are likely to be good places to find crackable machines. If you have a lot of customers with cracked NT boxes you'll get a lot of scans. If you have a nice C space in the middle of nowhere with no Windows machines anywhere near, you might have a rather boring night.

http://www.unixwiz.net/techtips/CodeRedII.html has some preliminary discussion on it and covers most of the important pieces of information.

This version also copies CMD.EXE into the scripts directory and so now any infected machine is wide, wide open. Apparently there has been some discussion on NTBUGTRAQ about it. (http://slashdot.org/comments.pl?sid=01/08/05/0433219&cid=494).

Place your bets how long before Code Red III is around?
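An added example, not part of the original post: a Python tally of the "N" and "X" probes in a web server access log, giving the count and first-seen time per variant and how many leading octets each source shares with the server's own address. It assumes Apache common log format and that both variants request /default.ida with N or X padding; the log lines, addresses and the server address 10.20.1.5 are constructed.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Constructed sample (Apache common log format, padding shortened,
# addresses from private/documentation ranges). Not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [04/Aug/2001:23:10:41 +1200] "GET /default.ida?NNNNNNNNNNNNNNNN%u9090%u6858 HTTP/1.0" 404 205
10.20.7.91 - - [05/Aug/2001:00:05:02 +1200] "GET /default.ida?XXXXXXXXXXXXXXXX%u9090%u6858 HTTP/1.0" 404 205
10.20.130.4 - - [05/Aug/2001:00:09:37 +1200] "GET /default.ida?XXXXXXXXXXXXXXXX%u9090%u6858 HTTP/1.0" 404 205
10.77.3.12 - - [05/Aug/2001:00:14:55 +1200] "GET /default.ida?XXXXXXXXXXXXXXXX%u9090%u6858 HTTP/1.0" 404 205
203.0.113.50 - - [05/Aug/2001:00:20:11 +1200] "GET /index.html HTTP/1.0" 200 1024
"""

# Request padding distinguishes the variants: runs of N vs runs of X.
PROBE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "GET /default\.ida\?(N{8,}|X{8,})')

def shared_octets(a, b):
    """Leading octets two IPv4 addresses share: 1 = same /8, 2 = same /16."""
    n = 0
    for x, y in zip(ip_address(a).packed, ip_address(b).packed):
        if x != y:
            break
        n += 1
    return n

def tally(log_text, my_ip):
    """Return (counts, first_seen, locality) keyed by variant 'N' or 'X'."""
    counts, first_seen = Counter(), {}
    locality = {"N": Counter(), "X": Counter()}
    for line in log_text.splitlines():
        m = PROBE.match(line)
        if not m:
            continue
        src, stamp, padding = m.groups()
        try:
            near = shared_octets(src, my_ip)
        except ValueError:  # hostname instead of an address in the log
            continue
        variant = padding[0]
        counts[variant] += 1
        first_seen.setdefault(variant, stamp)  # assumes log is in time order
        locality[variant][near] += 1
    return counts, first_seen, locality

if __name__ == "__main__":
    counts, first_seen, locality = tally(SAMPLE_LOG, "10.20.1.5")
    for v in ("N", "X"):
        print(v, counts[v], first_seen.get(v), dict(locality[v]))
```

A locality histogram skewed towards 1 and 2 for the X probes is what a scanner that favours nearby addresses would produce in your own logs.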