Code Red II

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by InternetArchiveBot (talk | contribs) at 04:48, 10 August 2017 (Rescuing 1 sources and tagging 0 as dead. #IABot (v1.5beta)). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Type: Server Jamming Worm

Code Red II is a computer worm similar to the Code Red worm. It was released on August 4, 2001, two weeks after Code Red. Although it is similar in behavior to the original, analysis showed it to be a new worm rather than a variant. Unlike the first worm, the second has no attacking function; instead it has a backdoor that allows attacks. The worm was designed to exploit a security hole in the indexing software included as part of Microsoft's Internet Information Server (IIS) web server software.

A typical signature of the Code Red II worm would appear in a web server log as:

 GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 %u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801
 %u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3
 %u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0

Whereas the original worm tried to infect other computers at random, Code Red II tried to infect machines on the same subnet as the infected machine.
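
The following is an added example, not part of the original article: a log scanner that flags requests matching the signature shown above and marks whether each source address lies in the server's own subnet. The Common Log Format layout, the 100-character minimum padding length, the names `find_hits` and `local_net`, and all sample log lines are assumptions made for the example.

```python
import ipaddress
import re

# Signature from the log excerpt above: a GET for /default.ida whose query
# string is a long run of 'X' padding followed by %uXXXX-encoded words.
# The minimum padding length of 100 is an assumption made for this example.
SIGNATURE = re.compile(
    r'"GET /default\.ida\?(?P<pad>X{100,})(?P<enc>(?:%u[0-9a-fA-F]{4})+)',
)
# Leading client address of a Common Log Format line (assumed log layout).
CLIENT = re.compile(r'^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) ')


def find_hits(lines, local_net):
    """Return one dict per log line that matches the signature."""
    net = ipaddress.ip_network(local_net)
    hits = []
    for number, line in enumerate(lines, start=1):
        client = CLIENT.match(line)
        sig = SIGNATURE.search(line)
        if not (client and sig):
            continue
        try:
            ip = ipaddress.ip_address(client.group("ip"))
        except ValueError:  # e.g. an octet above 255 in a damaged log line
            continue
        hits.append({
            "line": number,
            "client": str(ip),
            "padding": len(sig.group("pad")),
            "same_subnet": ip in net,  # source is inside the server's subnet
        })
    return hits


# Constructed sample log lines (documentation address ranges, not real traffic).
_PAD = "X" * 224
_ENC = "%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801"
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Aug/2001:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 512',
    f'192.0.2.77 - - [04/Aug/2001:10:00:02 +0000] "GET /default.ida?{_PAD}{_ENC}%u00=a HTTP/1.0" 404 205',
    f'198.51.100.9 - - [04/Aug/2001:10:00:05 +0000] "GET /default.ida?{_PAD}{_ENC}%u00=a HTTP/1.0" 404 205',
    '192.0.2.31 - - [04/Aug/2001:10:00:09 +0000] "GET /default.ida?XXXX HTTP/1.0" 404 205',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG, "192.0.2.0/24"):
        print(hit)
```

A hit whose `same_subnet` value is true points at a machine on the server's own network that is sending the probe, which is the first place to look for an infected host.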

Microsoft had already released a security patch for IIS that fixed the security hole on June 18, 2001;[1] however, not everyone had patched their servers, including Microsoft itself.[2]

References

  1. Microsoft (2001-06-18). "Microsoft Security Bulletin MS01-033". Microsoft TechNet. Retrieved 2007-02-08.
  2. Joris Evers (2001-08-09). "Microsoft Sees Red: Worm Infects Its Own Servers". IDG News Service. Retrieved 2007-02-08.