Code Red II (computer Worm)
   HOME

TheInfoList



Click Here for Items Related To - Code Red II (computer Worm)
OR:
Code Red II (computer Worm) on:   [Wikipedia]   [Google]   [Amazon]

Code Red II is a
computer worm A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. It often uses a computer network to spread itself, relying on security failures on the target computer to access it. It wil ...
similar to the
Code Red worm Code Red was a computer worm observed on the Internet on July 15, 2001. It attacked computers running Microsoft's IIS web server. It was the first large scale, mixed threat attack to successfully target enterprise networks. The Code Red worm was ...
. Released two weeks after Code Red on August 4, 2001, it is similar in behavior to the original, but analysis showed it to be a new worm instead of a variant. Unlike the first, the second has no function for attack; instead it has a backdoor that allows attacks. The worm was designed to exploit a security hole in the indexing software included as part of Microsoft's
Internet Information Server Internet Information Services (IIS-pronounced 2S, formerly Internet Information Server) is an extensible web server software created by Microsoft for use with the Windows NT family. IIS supports HTTP, HTTP/2, HTTPS, FTP, FTPS, SMTP and NNTP. ...
(IIS) web server software. A typical signature of the Code Red II worm appears in a web server log as: GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX %u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801 %u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3 %u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0 While the original worm tried to infect other computers at random, Code Red II tries to infect machines on the same subnet as the infected machine. Microsoft had released a security patch for IIS on June 18, 2001, that fixed the security hole, however not everyone had patched their servers, including Microsoft themselves.


See also

*
Nimda The Nimda virus is a malicious file-infecting computer worm. It quickly spread, surpassing the economic damage caused by previous outbreaks such as Code Red (computer worm), Code Red. The first released advisory about this thread (worm) was relea ...
*
Timeline of computer viruses and worms A timeline is a display of a list of events in chronological order. It is typically a graphic design showing a long bar labelled with dates paralleling it, and usually contemporaneous events. Timelines can use any suitable scale representin ...


References

{{reflist


External links


Original Analysis of Code Red II
- analysis by Steve Friedl

- analysis by eEye Digital Security

Exploit-based worms Hacking in the 2000s