Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Code Red II
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
{{short description|Computer worm}} {{ infobox computer virus | Fullname = Code Red II | Common name = | Technical name = | Aliases = | Family = | Classification = | Type = Server Jamming Worm | Subtype = | IsolationDate = | Origin = | Author = | Ports used = | OSes = | Filesize = | Language = }} '''Code Red II''' is a [[computer worm]] similar to the [[Code Red worm]]. Released two weeks after Code Red on August 4, 2001, it is similar in behavior to the original, but analysis showed it to be a new worm instead of a variant. Unlike the first, the second has no function for attack; instead it has a backdoor that allows attacks. The worm was designed to [[Vulnerability (computing)|exploit a security hole]] in the indexing software included as part of Microsoft's [[Internet Information Server]] (IIS) web server software (CVE-2001-0500). A typical signature of the Code Red II worm appears in a web server log as: GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX %u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801 %u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3 %u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0 While the original worm tried to infect other computers at random, Code Red II tries to infect machines on the same subnet as the infected machine. Microsoft had released a security patch for IIS on June 18, 2001, that fixed the security hole,<ref>{{cite web | url=http://www.microsoft.com/technet/security/bulletin/MS01-033.mspx | title=Microsoft Security Bulletin MS01-033 | author=Microsoft | date=2001-06-18 | work=Microsoft TechNet | accessdate=2007-02-08}}</ref> however not everyone had patched their servers, including Microsoft themselves.<ref>{{cite web | url=http://www.pcworld.com/article/id,57584-page,1/article.html | title=Microsoft Sees Red: Worm Infects Its Own Servers | author=Joris Evers | date=2001-08-09 | work=IDG News Service | accessdate=2007-02-08 | archive-url=https://web.archive.org/web/20070427010621/http://www.pcworld.com/article/id,57584-page,1/article.html | archive-date=2007-04-27 | url-status=dead }}</ref> ==See also== *[[Nimda]] *[[Timeline of computer viruses and worms]] ==References== {{reflist}} ==External links== * [https://web.archive.org/web/20191213105201/http://www.unixwiz.net/techtips/CodeRedII.html Original Analysis of Code Red II] - analysis by Steve Friedl * [https://web.archive.org/web/20041205102928/http://eeye.com/html/research/advisories/AL20010804.html ANALYSIS: CodeRed II Worm] - analysis by eEye Digital Security * [http://www.sans.org/reading_room/whitepapers/malicious/code-red-code-red-ii-double-dragons_88] [[Category:Exploit-based worms]] [[Category:Hacking in the 2000s]]
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)
Pages transcluded onto the current version of this page
(
help
)
:
Template:Cite web
(
edit
)
Template:Infobox computer virus
(
edit
)
Template:Reflist
(
edit
)
Template:Short description
(
edit
)