[thelist] failure notice (& CF TIP)

Steve Cook steve.cook at evitbe.com
Wed Sep 19 09:59:57 CDT 2001

Hmmm! Curious. There's not even an open port 80 on our firewall. The server
is on our internal network - it's a development server with NO inward
connection to the Internet.

*wonders how that got there*

It could *possibly* have come from within our service prover's network, but
that's all I can think of.

Oh well. I'll check it out. Thanks for the heads-up!

   WapWarp - http://wapwarp.com
 Wap-Dev - http://www.wap-dev.net
 Cookstour - http://cookstour.org

> -----Original Message-----
> From: Daniel J. Cody [mailto:djc at starkmedia.com]
> Sent: den 19 september 2001 16:35
> To: thelist at lists.evolt.org
> Subject: Re: [thelist] failure notice (& CF TIP)
> Hey Steve -
> Steve Cook wrote:
> > Hi Dan!
> > 
> > If one has that file, does it mean that the server *has* 
> been infected by a
> > worm, or is it that the file is a security loophole?
> root.exe is a by-product of the code red series, so its presence 
> suggests that your server *was* infected at one time.

More information about the thelist mailing list