Code Red II
{{short description|Computer worm}}
{{ infobox computer virus
| Fullname = Code Red II
| Common name =
| Technical name =
| Aliases =
| Family =
| Classification =
| Type = Server Jamming Worm
| Subtype =
| IsolationDate =
| Origin =
| Author =
| Ports used =
| OSes =
| Filesize =
| Language =
}}
Code Red II is a computer worm similar to the Code Red worm. Released on August 4, 2001, two weeks after Code Red, it is similar in behavior to the original, but analysis showed it to be a new worm rather than a variant. Unlike the original, Code Red II has no attack function of its own; instead it has a backdoor that allows attacks. The worm was designed to exploit a security hole in the indexing software included as part of Microsoft's Internet Information Server (IIS) web server software (CVE-2001-0500).
A typical signature of the Code Red II worm appears in a web server log as:
GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801
%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3
%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0
While the original worm tried to infect other computers at random, Code Red II tries to infect machines on the same subnet as the infected machine.
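An added example (not from the article or its sources) that scans access-log lines for the request shape shown above and marks hits coming from the server's own subnet, the range Code Red II targets. The Common Log Format layout, the 100-character padding threshold, the labels, the function names and the sample lines are assumptions made for the example.

```python
import ipaddress
import re

# Request target: path ending in .ida, query opening with a long run of one
# repeated letter followed by %uXXXX escapes (the shape of the logged request).
IDA_OVERFLOW = re.compile(r"^/[^?\s]*\.ida\?(?P<pad>(?P<ch>[A-Za-z])(?P=ch){99,})(?:%u[0-9a-f]{4})+", re.I)
# Common Log Format (assumed): host ident user [time] "request" status bytes
CLF = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" \d{3} \S+')

def classify_request(request):
    """Return (label, padding_length) for an .ida overflow-style request, else None."""
    parts = request.split(" ")
    m = IDA_OVERFLOW.match(parts[1]) if len(parts) >= 2 else None
    if not m:
        return None
    # The article's signature pads with 'X'; any other letter is reported separately.
    label = "code-red-ii-signature" if m.group("ch") == "X" else "ida-overflow-other-padding"
    return label, len(m.group("pad"))

def scan(lines, local_net):
    """Return (host, label, pad_len, same_subnet) for every matching log line."""
    hits = []
    for line in lines:
        entry = CLF.match(line)
        verdict = classify_request(entry.group("req")) if entry else None
        if not verdict:
            continue
        try:
            same_subnet = ipaddress.ip_address(entry.group("host")) in local_net
        except ValueError:  # logged host is a name, not an address
            same_subnet = False
        hits.append((entry.group("host"), *verdict, same_subnet))
    return hits

# Constructed sample log: documentation addresses, a shortened %u tail and an
# assumed padding length; none of this is captured traffic.
TAIL = "%u9090%u6858%ucbd3%u7801%u00=a"
LOG_FMT = '{} - - [04/Aug/2001:10:15:02 +0000] "GET {} HTTP/1.0" {} 283'
SAMPLE_LOG = [
    LOG_FMT.format("192.0.2.17", "/default.ida?" + "X" * 224 + TAIL, 404),
    LOG_FMT.format("203.0.113.9", "/default.ida?" + "N" * 224 + TAIL, 404),
    LOG_FMT.format("192.0.2.40", "/index.html", 200),
    LOG_FMT.format("198.51.100.5", "/search.ida?XXXX", 404),  # too short to match
]
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed: the server's own subnet

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, LOCAL_NET):
        print(hit)
```

A hit with `same_subnet` set points at a neighbouring host that should be checked for infection and for the MS01-033 patch.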
Microsoft had released a security patch for IIS on June 18, 2001, that fixed the security hole;{{cite web | url=http://www.microsoft.com/technet/security/bulletin/MS01-033.mspx | title=Microsoft Security Bulletin MS01-033 | author=Microsoft | date=2001-06-18 | work=Microsoft TechNet | accessdate=2007-02-08}} however, not everyone had patched their servers, including Microsoft itself.{{cite web | url=http://www.pcworld.com/article/id,57584-page,1/article.html | title=Microsoft Sees Red: Worm Infects Its Own Servers | author=Joris Evers | date=2001-08-09 | work=IDG News Service | accessdate=2007-02-08 | archive-url=https://web.archive.org/web/20070427010621/http://www.pcworld.com/article/id,57584-page,1/article.html | archive-date=2007-04-27 | url-status=dead }}
References
{{reflist}}
External links
- [https://web.archive.org/web/20191213105201/http://www.unixwiz.net/techtips/CodeRedII.html Original Analysis of Code Red II] - analysis by Steve Friedl
- [https://web.archive.org/web/20041205102928/http://eeye.com/html/research/advisories/AL20010804.html ANALYSIS: CodeRed II Worm] - analysis by eEye Digital Security
- [http://www.sans.org/reading_room/whitepapers/malicious/code-red-code-red-ii-double-dragons_88]