I have been contemplating writing a script to scan the logs, then go
back to infected machines, and change the wallpaper on the desktop to
something that reads:

HEY STUPID:

YOU ARE INFECTED WITH CODE RED... 

GO FIX YOUR BOX


On Sun, Aug 05, 2001 at 01:56:19PM -0700, J.Francois wrote:
> 
> I got tired of counting and just started putting the info into my IDS page.
> That way I can send complaints and point them to a URL so I don't have to 
> keep recreating the same data each time.
> 
> Besides, once it gets picked up by a serch engine maybe that will shame
> some people to get moving and stop this stupid thing.
> 
> http://www.magusnet.com/ids.html
> 
> 
> So, is any interesting OpenSource stuff going on this weekend?
> 
> 
> On Sun, Aug 05, 2001 at 12:37:42PM -0700, Thomas Mondoshawan Tate wrote:
> > No kidding. I just read your listing and decided to check out my webserver's
> > logs just for fun. Whoo... I've only had my server up for less than 11
> > hours, and I've already had 113 hits from that little bugger. O.o
> > 
> > 
> > On Sun, Aug 05, 2001 at 12:24:40PM -0700, jiva@opnix.com wrote:
> > > Mind you, this is unique infections *per hour*.  I've had well over
> > > 1000 attempts in the last 24 hours.
> > > 
> > > On Sun, Aug 05, 2001 at 12:17:20PM -0700, Jiva DeVoe wrote:
> > > > Here's some fun things... I wrote a little script to watch the rate of
> > > > attempted infection of my box.  The first column is the Day, the
> > > > second column(after the colon) is the hour, and the last column is the
> > > > number of times code-red tried to infect me:
> > > > 
> 
> [snipped]
> 
> > > > On Sun, Aug 05, 2001 at 11:38:00AM -0700, Wayne Conrad wrote:
> > > > > It's working.  Everyone's taking a breather from that last round of messages (whew).  Or tailing Apache logs watching the new looks-like-CR-but-isn't worm.  Fun for the whole family.
> > > > >   Wayne
> > > > > ________________________________________________
> 
> 

--