ec2-18-204-55-168.compute-1.amazonaws.com | ToothyWiki | RecentChanges | Login | Webcomic A worm, spread rapidly by exploiting a well known buffer overflow bug in Microsoft's IIS? webserver. Reasonably efficient at finding new hosts to exploit - certain variants of it attempted to target DoS attacks, while other (benevolent?) variants actually went around patching the hole it exploited. (So preventing a nastier version getting that host)
Aaanyway. A major factor in its spread was that IIS? is enabled, by default, on the home version of Win2k?, WinME? and WinXP. And that your average home user doesn't know it exists, let alone how to patch it.
Which means that such idiotic hosts are STILL out there and STILL spamming.
A better reason for a global blackhole list I have yet to find.
(Although, if you're feeling nasty... most versions of CodeRed contain a BackDoor to allow installation of further attack clients. Which means when someone announces to you that they are running CodeRed (by attempting to infect you) you can go in and clean it up - or remove the problem in other ways that may appeal to you...)
Unfortunately such fix attempts are illegal.
Well, they're illegal if they're done in, from, or transiting via the UK? and some other jurisdictions. They aren't illegal under international law. --Senji
Attacking you with CodeRed is illegal - if they aren't getting caught, and they haven't noticed that their computer is infected yet, then the chances of them noticing you stepping in to fix it are nil. And the chances of them catching you if you 'fix' it are close to nil. But yeah. Most everything fun and satisfying is illegal.