|
|
|
|
|
Code Red IiCode Red II is a computer worm similar to the Code Red worm. Released two weeks after Code Red on August 4 2001, although similar in behaviour to the original, analysis showed it to be a new worm instead of a variant. The worm was designed to exploit a security hole in the indexing software included as part of Microsoft's Internet Information Server (IIS) web server software. A typical signature of the Code Red II worm would appear in a web server log as: - GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- %u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801
- %u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3
- %u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0
Where the original worm tried to infect other computers at random, Code Red II tried to infect machines on the same subnet as the infected machine. Microsoft released a security patch for IIS that fixed the security hole on June 18 2001, however as of 2005 there are still machines infected with the Code Red II worm. External links
|
 |
|
| Copyright 2005-2009 OnPedia.com. All Rights Reserved |
|
|