The FTP get request stimulates the infected machine to download HTTPEXT.dll to an IIS folder that gives way to execute specific commands on the server. This new variant targets IP addresses in random and sends FTP get request to the victim systems. It exploits the “Web Server Folder Traversal” Vulnerability to pass on the infection with new machines. It replaces takes the place of multiple’s of N’s with X’s The signature of CodeRed II infects the host with a trojan – Virtual Root to help hackers to establish a backdoor to access and control the host server. This is a similar variant to the original that was found different in two major ways. When scanning for vulnerable machines, the worm did not test to see if the server running on a remote machine was running a vulnerable version of IIS, or even to see if it was running IIS at all. Then in infects the system associated with specific IP addresses through Denial of Service attacks from day 20 to Day 27Īfter which there are no active attacks from Day 28th of the month
It tries to spread its infection by finding more IIS servers on the Internet from Day 1 and Day 19 Distorts the infected website to display:.The worm virus is completely run in the memory and cannot be found on the disk. By doing so the code runs within the IIS server. By this way the code is developed to exploit a buffer overflow vulnerability in Microsoft’s Internet Information Server (IIS) which is the indexing software. Behaviour of Code RedĬode Red lands on the server in the form of GET /default.ida request on on TCP port 80. It infected close to 359,000 hosts on July 19, 2001. It displays a text string “Welcome to Hacked by Chinese!” and it runs on the memory erasing all files present in the hard drive. The named the computer worm, “Code Red” is because they were drinking Code Red Mountain Dew when they confirmed it as a threat. Marc Maiffret and Ryan Permeh employees of eEye Digital Security discovered this worm when it exploited an existing vulnerability discovered by Riley Hassell. The after effect of the attack caused a damage of billions of dollars in the summer of 2001. Code red is a computer worm that was identified in July 2001, when computers running on Internet Information Services (IIS) web server of Microsoft were found compromised.
0 kommentar(er)
