Code Red II (computer worm)

Code Red II is a computer worm similar to the Code Red worm. It was released on August 4, 2001, two weeks after Code Red. Although its behavior was similar to the original's, analysis showed it to be a new worm rather than a variant. The worm was designed to exploit a security hole in the indexing software included as part of Microsoft's Internet Information Server (IIS) web server software.

A typical signature of the Code Red II worm would appear in a web server log as follows (a single request line, wrapped here for display):

    GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    %u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801
    %u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3
    %u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0

Where the original worm tried to infect other computers at random, Code Red II tried to infect machines on the same subnet as the infected machine.
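The log signature and the same-subnet behavior described above can be combined into a simple log check. The following is an added example, not part of the original article: it assumes Common Log Format input, a 100-character minimum filler run, and hypothetical names (scan, neighbours); the sample log lines are constructed.

```python
import ipaddress
import re

# Shape of the logged request shown above: /default.ida? + a long run of one
# filler character (100+ here, an assumed threshold) + %uXXXX-encoded words.
SIGNATURE = re.compile(
    r'"GET /default\.ida\?(?P<fill>(?P<ch>[A-Za-z])(?P=ch){99,})'
    r'(?P<enc>(?:%u[0-9a-fA-F]{4})+)')

def scan(lines, server_net):
    """Return one record per log line that matches the signature."""
    net = ipaddress.ip_network(server_net)
    hits = []
    for line in lines:
        m = SIGNATURE.search(line)
        if m is None:
            continue
        src = line.split(" ", 1)[0]
        try:
            same = ipaddress.ip_address(src) in net
        except ValueError:
            same = None  # client field is a hostname or malformed
        hits.append({"src": src, "filler": m["ch"],
                     "filler_len": len(m["fill"]),
                     "encoded_words": m["enc"].count("%u"),
                     "same_subnet": same})
    return hits

def neighbours(hits):
    """Sources inside the server's own subnet: hosts to check for infection."""
    return sorted({h["src"] for h in hits if h["same_subnet"]})

# Constructed sample log: Common Log Format, documentation address ranges.
TAIL = ("%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801"
        "%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3"
        "%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a")
PROBE = "GET /default.ida?" + "X" * 224 + TAIL + " HTTP/1.0"
SAMPLE = [
    f'192.0.2.57 - - [04/Aug/2001:09:14:02 +0000] "{PROBE}" 404 -',
    f'198.51.100.9 - - [04/Aug/2001:09:14:40 +0000] "{PROBE}" 404 -',
    '192.0.2.80 - - [04/Aug/2001:09:15:11 +0000] "GET /default.ida?q=XXXX HTTP/1.0" 404 -',
    '192.0.2.12 - - [04/Aug/2001:09:16:30 +0000] "GET /index.html HTTP/1.0" 200 1043',
]

if __name__ == "__main__":
    hits = scan(SAMPLE, "192.0.2.0/24")
    for hit in hits:
        print(hit)
    print("check these neighbours:", neighbours(hits))
```

A matching request from inside the server's own subnet means a neighbouring machine is sending the worm's request, so that host is the first one to inspect and patch.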

Microsoft had already released a security patch for IIS that fixed the security hole on June 18, 2001, [1] but not everyone had patched their servers, including Microsoft itself. [2]

References

[1] Microsoft, "Microsoft Security Bulletin MS01-033", Microsoft TechNet, 2001-06-18. http://www.microsoft.com/technet/security/bulletin/MS01-033.mspx (accessed 2007-02-08)
[2] Joris Evers, "Microsoft Sees Red: Worm Infects Its Own Servers", IDG News Service, 2001-08-09. http://www.pcworld.com/article/id,57584-page,1/article.html (accessed 2007-02-08)

External links

* Original Analysis of Code Red II (analysis by Steve Friedl): http://www.unixwiz.net/techtips/CodeRedII.html
* ANALYSIS: CodeRed II Worm (analysis by eEye Digital Security): http://www.eeye.com/html/Research/Advisories/AL20010804.html


Wikimedia Foundation. 2010.
