Factbites
 Where results make sense

Topic: Code Red II


  
  CNN.com - New 'Code Red' worm entices Web hijackers - August 7, 2001
Computers infected with Code Red II should be reformatted to remove all trace of the worm and the backdoor, said Levy, and any software will need to be reinstalled.
For the original Code Red, rebooting an infected system was sufficient to remove it from memory.
Code Red II, which spreads across nearby servers rather than randomly like Code Red, is designed to stop spreading on October 1.
www.cnn.com /2001/TECH/internet/08/06/code.red.two/index.html   (905 words)

  
 Code Red II - CNET reviews
Code Red II can be identified in Web server logs by the use of "XXXXXX" as filler characters as opposed to the original "NNNNN." According to eEye Digital Security, Code Red II will only run on Windows 2000 machines; Windows NT machines will simply crash upon infection.
Code Red II exploits the Relative Path vulnerability which allows for explorer.exe in the root to be executed before the explorer.exe in the Windows subdirectory.
Even though the Code Red II worm itself does not write itself to memory and can be cleared from an infected system by rebooting, the changes made to the registry by the Trojan remain on your computer whether or not the worm is still active on the system.
reviews.cnet.com /4520-6600_7-5020493-1.html   (739 words)

  
 Code Red offshoot packs a bigger punch | CNET News.com
The original Code Red worm prompted the White House to move the address of its Web site and led to government warnings from the FBI.
The two major differences between the original Code Red worm and the new variant are the way the latest bug spreads itself and the establishment of the back door.
Whereas the original Code Red looked for 100 systems at a time to infect, the new strain looks for 300 at a time, unless the infected computer is running a Chinese-language version of Windows NT or Windows 2000, in which case it looks for 600 computers at a time, Maiffret said.
news.cnet.com /news/0-1003-200-6792918.html   (895 words)

  
 CNN.com - 'Code Red II' slows parts of the Net - August 8, 2001
Code Red II is a possible culprit for that and other sporadic outages, computer security experts said.
Code Red II has infected an estimated 150,000 to 400,000 machines, according to anti-virus companies.
The origin of Code Red II remains a mystery, but it is designed to stop spreading on October 1.
edition.cnn.com /2001/TECH/internet/08/07/code.red.two   (768 words)

  
 Time for 'Code Red II'
Code Red II is said to be more aggressive than the original worm because it installs a backdoor in servers that allows attackers to easily access the infected computer.
Code Red II is not a variant of the original Code Red, according to Security Focus, but rather a brand new worm that shares signatures of the original and imitates the method of attack.
Code Red was originally discovered in mid-July, shortly before it caused infected machines to launch a denial of service attack against the White House Web server.
www.thestandard.com /article/0,1902,28477,00.html?nl=dnt   (490 words)

  
 SANS Institute - Malware FAQ: Code Red - ISS Buffer Overflow
Code Red II: Code Red II used the same buffer overflow to compromise systems but had a much different payload.
Code Red II is not memory resident like the CRv1 and CRv2, so a reboot will not remove the worm.
Code Red may be using enough CPU cycles to impact the server's normal routine prompting the system administrator to investigate further.
www.sans.org /resources/malwarefaq/code-red.php   (3641 words)

  
 GRC | CodeRedII Analysis     (Site not responding. Last check: 2007-10-17)
Code Red II Worm Analysis Update: The new worm that was first noticed yesterday has been analyzed.
See the Code Red Patch FAQ at http://www.incidents.org/react/code_red.php for information on patching systems to remove the vulnerability.
Except for using the buffer overflow mechanism in order to get the worm code executed on a vulnerable IIS server, this new worm is entirely different from the original Code Red CRv1 and CRv2 variants.
www.grc.com /codered/coderedii.htm   (1406 words)

  
 Berkeley Lab Computer Protection Program: Resources
Code Red even is programmed to direct a denial-of-service attack aimed at www.whitehouse.gov.
Code Red then starts scanning the network for other systems in which TCP port 80 is active.
Code Red II: Microsoft has released a utility that not only removes Code Red II from the infected system's memory, but also deletes the back door program and the special mappings.
www.lbl.gov /ITSD/Security/vulnerabilities/virus-archive_code-red.html   (1147 words)

  
 Wired News: Code Red II Wends Its Way
Code Red II's debut was marked for many by the furious flickering of their cable modem's data light as the worm scanned the Internet for vulnerable computers to infect.
In an attempt to alert people that their machine has been infected and is spreading the Code Red II worm, SecurityFocus, a computer security news site, began collecting firewall logs that point to infected machines so that they can notify the computers' owners.
Marc Maiffret and Ryan Permeh of eEye Digital Security said in a post to Security Focus's BugTraq archive that Code Red II is not a true variant of Code Red, but is instead a "completely brand new worm" that only uses the same method of infection as the original.
wired.com /news/technology/0,1282,45847,00.html   (1061 words)

  
 CNN.com - Code Red II worm strikes Japan - August 8, 2001
Code Red II, like its predecessor, spreads through a security hole in Microsoft's server software running on Windows NT or Windows 2000 machines.
In South Korea, Code Red II has attacked the servers of about 13,000 organizations, mainly small companies and education institutions.
The Code Red II worm, which strikes servers using certain Microsoft software and operating systems, is a second and more pernicious relative of the Code Red worm that hit more than 300,000 computers in July.
archives.cnn.com /2001/BUSINESS/asia/08/08/tokyo.coderedspread   (313 words)

  
 Wired News: All Quiet on Code Red Front
Code Red I is programmed to scan the Internet for vulnerable machines for the first 19 days of each month.
Code Red II take action, the worm will still continue to scan the Internet until the end of September, when it is set to self-destruct, according to eEye Digital security's analysis.
Code Red II does not launch denial-of-service attacks; instead it creates a "back door" in infected Web servers that allows easy access to the infected server's contents.
www.wired.com /news/technology/0,1282,46139,00.html   (697 words)

  
 On-line Code-Red Worm Self-Test by SecuritySpace   (Site not responding. Last check: 2007-10-17)
The Code Red Worm is a self-replicating piece of software that infects IIS web servers by exploiting a well-known vulnerability, known as the IIS ISAPI buffer overflow.
Code Red II: There are several known variants of the worm in the wild.
If your system was infected with any of the Code Red worms, it has been actively screaming at any webserver it can find on the net that your system is vulnerable because the worm on it is trying to infect other systems.
www.securityspace.com /smysecure/code_red.html   (447 words)

  
 CERT Advisory CA-2001-19 "Code Red" Worm Exploiting Buffer Overflow In IIS Indexing Service DLL
The "Code Red" worm attempts to connect to TCP port 80 on a randomly chosen host assuming that a web server will be found.
IIS 4.0 and 5.0 servers with Indexing service installed will almost certainly be compromised by the "Code Red" worm.
Furthermore, it is important to note that while the "Code Red" worm appears to merely deface web pages on affected systems and attack other systems, the IIS indexing vulnerability it exploits can be used to execute arbitrary code in the Local System security context.
www.cert.org /advisories/CA-2001-19.html   (1253 words)

  
 PC World - Feeling the Effects of Code Red II   (Site not responding. Last check: 2007-10-17)
The problem, he says, is that Code Red II is invading unpatched servers and then using them to send out huge numbers of system scans in an attempt to find other computers that are vulnerable.
While Code Red II has been given a similar name to the worm that struck servers in two waves during the past few weeks, it isn't a variant of the first Code Red, according to an advisory posted by the SecurityFocus.com information service in San Mateo, California.
Instead, Code Red II is an all-new worm that shares some signature attributes of its predecessor and imitates the method of attack used by the original Code Red.
www.pcworld.com /news/article/0,aid,57724,00.asp   (978 words)

  
 G4 - Feature - Code Red II Strikes
Dubbed Code Red II, the worm is said to move faster than Code Red but can still be stopped by downloading the Microsoft patch used last week to help stop Code Red, security officials said Sunday.
Despite its name, Code Red II is not a "variant" of Code Red, but a completely new worm.
Although Code Red II also attacks computers running Microsoft Windows NT and Windows 2000 operating systems as Code Red, the new copycat worm acts differently by leaving a "back door" open on infected computers, according to the Systems Administration, Networking and Security Institute (SANS).
www.g4tv.com /techtvvault/features/22146/Code_Red_II_Strikes.html   (422 words)

  
 Symantec Security Response - CodeRed II
If you are running the Microsoft IIS Server, we strongly recommend that you apply the latest Microsoft patch to protect your system from this worm.
A cumulative patch for IIS, which includes the four patches released to date, is available at http://www.microsoft.com/technet/security/bulletin/MS01-044.asp.
Once CodeRed II attacks a computer, it is difficult to determine what else the computer has been exposed to.
securityresponse1.symantec.com /sarc/sarc.nsf/html/codered.ii.html   (1956 words)

  
 Code Red II Spreads in Asia
Infection by Code Red II has been widespread in Taiwan and China this week, according to antivirus software vendor Trend Micro Inc. Japan's national police organization reported Wednesday that it has received reports of more than 200 servers in the country being attacked by the virus.
Code Red II, officially dubbed Code Red 3.0, is similar to the Code Red worm that attacked systems worldwide at the beginning of August, but with a more dangerous effect: It creates a "backdoor" to Web servers that lets hackers easily get in and steal or change information and passwords.
As for where Code Red II came from, as with the original Code Red, it's hard to trace, he added.
thestandard.com /article/0,1902,28574,00.html   (870 words)

  
 Geek.com Geek News - Code Red II attacks
The method of spreading is more aggressive than that used in the Code Red worm, and CRII also installs a Trojan that could allow affected systems to be easily compromised in the future, or used for malicious purposes.
There's got to be some savvy pro-Microsoft IIS admins out there who are up to the task of re-writing Code Red and force-patching all the IIS servers that are vulnerable and come into contact.
Code Red II hit Intel hard today; apparently their clueless IT people are no smarter than Microsoft's clueless IT people.
www.geek.com /news/geeknews/2001aug/gee20010806007158.htm   (2547 words)

  
 'Code Red II' - A Meaner Internet Worm
Code Red II installs a "back door" onto an infected computer's machine that would allow anyone using a Web browser to remotely access the server and execute commands, said Elias Levy, chief technology officer at
Code Red II also is able to move quicker than Code Red I because it doesn't wait for connections to time-out when scanning other computers that might be unreachable, Levy said.
Code Red originally was written to launch such an attack on the White House Web site (
www.rense.com /general12/worms.htm   (799 words)

  
 Code Red II spreading
The so-called Code Red II worm was spotted in the wild Saturday.
Like its namesake, Code Red II spreads on its own power, cracking systems by exploiting a buffer overflow vulnerability in IIS that was discovered by eEye Digital Security in June.
Despite its similarities, Code Red II is not a variant of the Code Red virus.
www.securityfocus.com /news/232   (231 words)

  
 Dissecting Code Red II
A collection of Internet security bigwigs gathered Saturday night for a formal dinner/confab at the Ontario home of Russ Cooper, Surgeon General for TruSecure Corp. Known as the BugTraq retreat, the gathering turned into a live exercise in worm warfare as Code Red II began popping up on the Internet.
Code Red II attacked the vulnerable servers running Microsoft Internet Information Server (IIS) software, but this time left behind a back door that intruders could use to take over infected machines.
Cooper took searchSecurity through the dissection of Code Red II and offered some pointed opinions about the role of Internet service providers in the spread of the worm.
searchsecurity.techtarget.com /qna/0,289202,sid14_gci759681,00.html   (2171 words)

  
 CNN.com - China's networks hit by Code Red II - August 10, 2001
China's National Internet Emergency Center says Code II infection is "very severe" and has "seriously threatened" Internet services across the country, the state-run Beijing Morning Post newspaper said.
"Code Red II is like an air-borne plague, its damaging effect has far exceeded CIH," the center was quoted as saying, referring to a virus attack earlier in the year.
However, Code Red II and Code III, discovered recently, are different worms and are not variants of Code Red.
edition.cnn.com /2001/WORLD/asiapcf/east/08/10/china.codered/index.html   (605 words)

  
 Son of Code Red is born | The Register
A new IIS worm similar to the dreaded Code Red worm (which was supposed to break the Internet last week and didn't -- damn) has emerged over the weekend.
One of the most under-reported aspects of the Code Red worm was the fact that the IIS Indexing Service ISAPI filter vulnerability, which it exploits to do its dirty work, can yield system-level access to an intruder.
Some moronic twit in the USA or Europe has persuaded himself that the 'hacked by Chinese' defacement red herring in the original Code Red was proof that a Chinese hacker created it, and this is payback.
www.theregister.co.uk /content/4/20841.html   (751 words)

  
 F-Secure Computer Virus Information Pages: CodeRed
CodeRed II is a rewritten version of the original Code Red worm.
The most important feature of Code Red II is that it installs a backdoor into systems it infects.
In comparison, on 19th of July, Code Red infected around 300,000 servers, and was only stopped because the worm stopped infections by itself.
www.f-secure.com /v-descs/bady.shtml   (1112 words)

  
 Akaba Code Red II Press Release
This complimentary scan can give IT Managers the information they need to avert disaster." The network scan will notify users if they are vulnerable to the Code Red II worm, or if they have already been infected.
"Code Red II is not simply a variant of the original worm" says Tim Huntley, Chief Technology Officer for Akaba, Inc., "but a completely new program with a much more sinister purpose".
To learn more about Code Red II and to sign up for this free Code Red II scan, users should visit www.akabainc.com.
www.akabainc.com /pr_codered.html   (374 words)

  
 Code Red II
Code Red II can infect unpatched Windows 2000 servers running IIS 4.0 or 5.0 with Indexing Service installed.
Any system infected with Code Red II should be rebuilt from secure media, such as CD, to ensure that it is clean and that no backdoors have been left on the system.
Immediately apply the IIS patches once the system is on the network, whether or not you plan to run the service.
security.berkeley.edu /codered.html   (394 words)

  
 Cleaning up Code Red II
User systems taken off of the network for Code Red II must agree to reformat, reinstall, and then apply all applicable MS patches and hotfixes before they will be allowed to have the machine put back on.
Unlike the original and versions 2 and 3 of Code Red, the Code Red II worm modifies files on the target computer.
Microsoft has released a "Cumulative Patch for IIS" (MS01-044) which is supposed to fix the problems which Code Red exploits on either IIS 4.0 or IIS 5.0.
www.cmu.edu /computing/documentation/solutions/000475.html   (341 words)

  
 'Code Red II' worm reported on Internet   (Site not responding. Last check: 2007-10-17)
WASHINGTON — A new, destructive worm similar to Code Red, which infected computers around the world last week, is spreading through the Internet, but authorities aren't sure how much damage it has done.
Code Red II attacks the same Internet-connected computers that were vulnerable to Code Red in the same fashion.
Despite its name, Code Red II is not a “variant” of Code Red, but a completely new worm.
www.enquirer.com /editions/2001/08/06/fin_code_red_ii_worm.html   (317 words)

  
 NewsFactor Network | Code Red Virus 'Most Expensive in History of Internet'
Code Red II, the self-propagating Internet worm, is slowly working its way around the United States, causing sporadic outages and running up an immense tab in its wake.
The economic cost of the original Code Red worm and its more malicious cousin, Code Red II, has risen to more than US$2 billion, according to research company Computer Economics.
When the Code Red worm debuted last month, it swept through about 250,000 computers in nine hours, forcing the White House to change its numerical Web address and prompting the Pentagon to briefly shut down its public sites.
www.newsfactor.com /perl/story/12668.html   (923 words)

Copyright © 2005-2007 www.factbites.com Usage implies agreement with terms.