fbpx
Wikipedia

Code Red II

Code Red II is a computer worm similar to the Code Red worm. Released two weeks after Code Red on August 4, 2001, it is similar in behavior to the original, but analysis showed it to be a new worm instead of a variant. Unlike the first, the second has no function for attack; instead it has a backdoor that allows attacks. The worm was designed to exploit a security hole in the indexing software included as part of Microsoft's Internet Information Server (IIS) web server software.

Code Red II
TypeServer Jamming Worm

A typical signature of the Code Red II worm appears in a web server log as:

 GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX %u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801 %u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3 %u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0 

While the original worm tried to infect other computers at random, Code Red II tries to infect machines on the same subnet as the infected machine.

Microsoft had released a security patch for IIS on June 18, 2001, that fixed the security hole,[1] however not everyone had patched their servers, including Microsoft themselves.[2]

See also

References

  1. ^ Microsoft (2001-06-18). "Microsoft Security Bulletin MS01-033". Microsoft TechNet. Retrieved 2007-02-08.
  2. ^ Joris Evers (2001-08-09). . IDG News Service. Archived from the original on 2007-04-27. Retrieved 2007-02-08.

External links

  • - analysis by Steve Friedl
  • - analysis by eEye Digital Security
  • [1]

code, computer, worm, similar, code, worm, released, weeks, after, code, august, 2001, similar, behavior, original, analysis, showed, worm, instead, variant, unlike, first, second, function, attack, instead, backdoor, that, allows, attacks, worm, designed, exp. Code Red II is a computer worm similar to the Code Red worm Released two weeks after Code Red on August 4 2001 it is similar in behavior to the original but analysis showed it to be a new worm instead of a variant Unlike the first the second has no function for attack instead it has a backdoor that allows attacks The worm was designed to exploit a security hole in the indexing software included as part of Microsoft s Internet Information Server IIS web server software Code Red IITypeServer Jamming WormA typical signature of the Code Red II worm appears in a web server log as GET default ida XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX u9090 u6858 ucbd3 u7801 u9090 u6858 ucbd3 u7801 u9090 u6858 ucbd3 u7801 u9090 u9090 u8190 u00c3 u0003 u8b00 u531b u53ff u0078 u0000 u00 a HTTP 1 0 While the original worm tried to infect other computers at random Code Red II tries to infect machines on the same subnet as the infected machine Microsoft had released a security patch for IIS on June 18 2001 that fixed the security hole 1 however not everyone had patched their servers including Microsoft themselves 2 See also EditNimda Timeline of computer viruses and wormsReferences Edit Microsoft 2001 06 18 Microsoft Security Bulletin MS01 033 Microsoft TechNet Retrieved 2007 02 08 Joris Evers 2001 08 09 Microsoft Sees Red Worm Infects Its Own Servers IDG News Service Archived from the original on 2007 04 27 Retrieved 2007 02 08 External links EditOriginal Analysis of Code Red II analysis by Steve Friedl ANALYSIS CodeRed II Worm analysis by eEye Digital Security 1 Retrieved from https en wikipedia org w index php title Code Red II amp oldid 969381762, wikipedia, wiki, book, books, library,

article

, read, download, free, free download, mp3, video, mp4, 3gp, jpg, jpeg, gif, png, picture, music, song, movie, book, game, games.