Code Red is a worm observed on the Internet on J that replicates between Windows 2000 servers running Microsoft's IIS (Internet Information Services) and the Microsoft Index Server 2.0 or the Windows 2000 Indexing Service. It does this by exploiting a bug known as "Unchecked Buffer in the Index Server ISAPI Extension," described by Microsoft in the Microsoft Security Bulletin MS01-033, released on June 18th, 2001.

Using a specially crafted string sent to HTTP servers over the Internet, the worm manages to overwrite a variable in a module named "idq.dll", thus forcing the system to jump to an incorrect address, executing the worm code. When run, the worm code will start to create copies of itself in memory in order to attack even more IIS servers at the same time.

The addresses of the servers that the worm attacks are generated randomly, but because of a bug, each copy of the worm will try to attack the same list of servers, greatly reducing its overall "attack power." Apparently, the author also noticed this bug, because a few days after the first variant of the worm appeared in the wild, a second, fixed variant was found as well. This second variant, known as ".B" or "v2", generates completely random IP address streams, with much higher chances to spread than the initial version. (Kaspersky Lab)
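As an added example (not part of the original page or of the Kaspersky Lab description), here is a defender-side check that scans IIS W3C extended logs for requests to the Index Server ISAPI script mappings (.ida and .idq, which idq.dll handles) that carry an unusually long query string. It assumes the crafted string arrives in the URL query; the 200-character threshold, the request paths and the sample log lines are constructed for illustration.

```python
"""Flag oversized Index Server ISAPI requests in IIS W3C extended logs."""

# File extensions mapped to idq.dll (the Index Server ISAPI extension).
ISAPI_EXTENSIONS = (".ida", ".idq")
# Assumed threshold: ordinary Index Server queries are far shorter than this.
MAX_QUERY_LEN = 200

# Constructed sample log; client addresses come from documentation ranges.
SAMPLE_LOG = "\n".join([
    "#Software: Microsoft Internet Information Services 5.0",
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2001-08-01 14:02:11 192.0.2.10 GET /index.html - 200",
    "2001-08-01 14:02:15 198.51.100.7 GET /search.idq CiRestriction=report 200",
    "2001-08-01 14:03:40 203.0.113.55 GET /catalog.ida " + "A" * 240 + " 200",
    "2001-08-01 14:03:41 203.0.113.55 GET /Catalog.IDA " + "A" * 240 + " 500",
])


def find_suspicious(log_text, max_len=MAX_QUERY_LEN):
    """Return (client_ip, uri_stem, query_length) for each flagged request."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout may change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed or truncated entry
        row = dict(zip(fields, values))
        stem = row.get("cs-uri-stem", "")
        query = row.get("cs-uri-query", "-")
        # Extension match is case-insensitive, as IIS script mappings are.
        if (stem.lower().endswith(ISAPI_EXTENSIONS)
                and query != "-" and len(query) > max_len):
            hits.append((row.get("c-ip", "?"), stem, len(query)))
    return hits


if __name__ == "__main__":
    for ip, stem, qlen in find_suspicious(SAMPLE_LOG):
        print(f"{ip} requested {stem} with a {qlen}-character query string")
```

Repeated hits from many unrelated client addresses indicate scanning by infected hosts; applying the MS01-033 patch or removing the unused .ida/.idq script mappings closes the exposure.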