From 1998 through 2004, CERT Incident Notes provided information regarding widespread cybersecurity incidents with the hope that the information would be tactically relevant to network defenders. This collection is also available as a series of PDF digests in the SEI Resource Library.
List of CERT® Incident Notes 1998-2004
- CERT Incident Note IN-98-05: Probes with Spoofed IP Addresses
- CERT Incident Note IN-98-06: Automated Scanning and Exploitation
- CERT Incident Note IN-98-07: Windows NT "Remote Explorer" Virus
- CERT Incident Note IN-98.01: Scans to Port 1/tcpmux and unpassworded SGI accounts
- CERT Incident Note IN-98.02: New Tools Used for Widespread Scans
- CERT Incident Note IN-98.03: Password Cracking Activity
- CERT Incident Note IN-98.04: Advanced Scanning
- CERT Incident Note IN-99-01: sscan Scanning Tool
- CERT Incident Note IN-99-02: Happy99.exe Trojan Horse
- CERT Incident Note IN-99-03: CIH/Chernobyl Virus
- CERT Incident Note IN-99-04: Attacks Using Various RPC Services
- CERT Incident Note IN-99-05: Compromises Through am-utils
- CERT Incident Note IN-99-06: Distributed Network Sniffer
- CERT Incident Note IN-99-07: Distributed Denial of Service Tools
- CERT Incident Note IN-99-08: Attacks Against ISS web servers involving MCAD
- CERT Incident Note IN-2000-01: Windows Based DDOS Agents
- CERT Incident Note IN-2000-02: Unprotected Windows Networking Shares
- CERT Incident Note IN-2000-03: 911 Worm
- CERT Incident Note IN-2000-04: DoS Attacks Using Nameservers
- CERT Incident Note IN-2000-05: mstream Distributed DoS
- CERT Incident Note IN-2000-06: Scriptlet.Typelib ActiveX Control
- CERT Incident Note IN-2000-07: Exploitation of Hidden File Extensions
- CERT Incident Note IN-2000-08: Chat Clients and Network Security
- CERT Incident Note IN-2000-09: Vulnerability in IRIX telnet daemon
- CERT Incident Note IN-2000-10: Exploitation of rpc.statd and wu-ftpd
- CERT Incident Note IN-2001-01: Compromises via ramen Toolkit
- CERT Incident Note IN-2001-02: Open mail relays, Hybris Worm
- CERT Incident Note IN-2001-03: BIND Vulnerabilities Exploited
- CERT Incident Note IN-2001-04: "Carko" Distributed Denial-of-Service Tool
- CERT Incident Note IN-2001-05: The "cheese" Worm
- CERT Incident Note IN-2001-06: Verification of Downloaded Software
- CERT Incident Note IN-2001-07: W32/Leaves
- CERT Incident Note IN-2001-08: "Code Red" Worm Exploiting Buffer Overflow In IIS Indexing Service DLL
- CERT Incident Note IN-2001-09: "Code Red II:" Another Worm Exploiting Buffer Overflow In IIS Indexing Service DLL
- CERT Incident Note IN-2001-10: "Code Red" Worm Crashes IIS 4.0 Servers with URL Redirection Enabled
- CERT Incident Note IN-2001-11: Cache Corruption on Microsoft DNS Servers
- CERT Incident Note IN-2001-12: Exploitation of vulnerability in SSH1 CRC-32 compensation attack detector
- CERT Incident Note IN-2001-13: "Kaiten" Malicious Code Installed by Exploiting Null Default Passwords in Microsoft SQL Server
- CERT Incident Note IN-2001-14: W32/BadTrans Worm
- CERT Incident Note IN-2001-15: W32/Goner Worm
- CERT Incident Note IN-2002-01: W32/Myparty Malicious Code
- CERT Incident Note IN-2002-02: W32/Gibe Malicious Code
- CERT Incident Note IN-2002-03: Social Engineering Attacks via IRC and Instant Messaging
- CERT Incident Note IN-2002-04: Exploitation of Vulnerabilities in Microsoft SQL Server
- CERT Incident Note IN-2002-05: W32/Frethem Malicious Code
- CERT Incident Note IN-2002-06: W32/Lioten Malicious Code
- CERT Incident Note IN-2003-01: Malicious Code Propagation and Antivirus Software Updates
- CERT Incident Note IN-2003-02: W32/Mimail Virus
- CERT Incident Note IN-2003-03: W32/Sobig.F Worm
- CERT Incident Note IN-2003-04: Exploitation of Internet Explorer Vulnerability
- CERT Incident Note IN-2004-01: W32/Novarg.A Virus
- CERT Incident Note IN-2004-02: W32/Netsky.B Virus