Code Red II

Type: Server Jamming Worm

Code Red II is a computer worm similar to the Code Red worm. It was released on August 4, 2001, two weeks after Code Red. Although its behavior was similar to the original's, analysis showed it to be a new worm rather than a variant. Unlike the first worm, the second has no attack function of its own; instead it carries a backdoor that allows attacks. The worm was designed to exploit a security hole in the indexing software included as part of Microsoft's Internet Information Server (IIS) web server software.

A typical signature of the Code Red II worm would appear in a web server log as:

 GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 %u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801
 %u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3
 %u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0

Whereas the original worm tried to infect other computers at random, Code Red II tried to infect machines on the same subnet as the infected machine.
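The log signature and the same-subnet behaviour described above can be combined into a simple log check. The following Python is an added example, not part of the original article: it assumes Common Log Format access logs, accepts a padding run of at least 100 of any single repeated letter (a generalization beyond the X padding shown above), and runs over constructed sample lines that use documentation address ranges.

```python
import ipaddress
import re
from collections import Counter

# /default.ida? + a long run of one padding letter + %uXXXX words.
# The 100-character floor is an assumption, not a value from the article.
SIGNATURE = re.compile(
    r"GET /default\.ida\?([A-Za-z])\1{99,}(?:%u[0-9a-f]{4})+", re.IGNORECASE)
# Common Log Format (assumed): client address ... [time] "request line"
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)"')

def find_hits(lines):
    """Count signature requests per source address."""
    hits = Counter()
    for line in lines:
        m = CLF.match(line)
        if m and SIGNATURE.search(m.group(2)):
            hits[m.group(1)] += 1
    return hits

def split_by_network(hits, local_net):
    """Split sources into those inside local_net (neighbours to clean up) and the rest."""
    net = ipaddress.ip_network(local_net)
    inside, outside = {}, {}
    for src, count in hits.items():
        try:
            is_local = ipaddress.ip_address(src) in net
        except ValueError:  # logged as a hostname, cannot be placed
            is_local = False
        (inside if is_local else outside)[src] = count
    return inside, outside

# Constructed sample log; addresses are documentation ranges, times invented.
PAYLOAD = ("X" * 224 + "%u9090%u6858%ucbd3%u7801" * 3 +
           "%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a")
HIT = '{} - - [05/Aug/2001:03:12:{:02d} +0000] "GET /default.ida?{} HTTP/1.0" 404 0'
SAMPLE_LOG = [
    HIT.format("192.0.2.17", 1, PAYLOAD),
    HIT.format("192.0.2.17", 9, PAYLOAD),
    HIT.format("203.0.113.9", 14, PAYLOAD),
    HIT.format("198.51.100.5", 20, "XXXX"),  # short query, not the signature
    '192.0.2.40 - - [05/Aug/2001:03:13:02 +0000] "GET /index.html HTTP/1.0" 200 1043',
]

if __name__ == "__main__":
    local, remote = split_by_network(find_hits(SAMPLE_LOG), "192.0.2.0/24")
    print("inside local network:", local)
    print("outside:", remote)
```

Sources that fall inside the server's own network are the ones to isolate and patch first, since the worm favours neighbouring machines.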

Microsoft had already released a security patch for IIS that fixed the security hole on June 18, 2001;[1] however, not everyone had patched their servers, including Microsoft itself.[2]

References

  1. Microsoft (2001-06-18). "Microsoft Security Bulletin MS01-033". Microsoft TechNet. Retrieved 2007-02-08.
  2. Joris Evers (2001-08-09). "Microsoft Sees Red: Worm Infects Its Own Servers". IDG News Service. Retrieved 2007-02-08.
