Projects / Worm Report

Worm Report

Worm Report is a very simple Perl script to filter out the known worm (Code Red, Nimda) hits from the access log, and put them into their own files named for the IP/Host that has been "wormed". A basic report containing the count, hostname, ip, and a guess at the parent domain is then printed to STDOUT to facilitate contacting these individuals. Adding a new worm requires adding a new worm hit string to the DATA section of the script, nothing so fancy (or exhaustive) as an Apache module.

Tags
Licenses
Operating Systems
Implementation

Recent releases

  •  21 Sep 2001 13:54

    Release Notes: This release contains a fix for a bug, affecting older Perl interpreters, where a mask is required for the mkdir command. It also more tightly checks the DATA section to safegaurd against the inclusion of blank lines, which would otherwise cause every log entry to be matched.

    •  20 Sep 2001 08:24

      Release Notes: Initial release. Helpful for tracking hits from sites wormed with Code Red, Code Red II, and NIMDA.

      Screenshot

      Project Spotlight

      OpenStack4j

      A Fluent OpenStack client API for Java.

      Screenshot

      Project Spotlight

      TurnKey TWiki Appliance

      A TWiki appliance that is easy to use and lightweight.