September 18, 2001
Increase in Port 80 (HTTP) scanning activity
Author: JT Smith
Anonymous Reader writes, "This morning (September 18th) the CERT/CC (http://www.cert.org) started receiving reports of a massive increase in scanning directed at port 80 (http://www.cert.org/current/current_activity.html #port80). Reports indicate that this scanning activity is attempting to exploit systems previously compromised by Code Red II and/or the sadmind/IIS worm as well as other known vulnerabilities in Microsoft Internet Information Server (IIS). Please see CERT Vulnerability Note VU#111677 (http://www.kb.cert.org/vuls/id/111677) for information on the type of vulnerability being exploited."