Code Red II inspired by both Code Red and sadmind/IIS

[Denis Normand <normand () interlink net>]

I just came back from vacation and was catching up on various things,
among which  Code Red II.

On July 2, I posted a message on this list about a side effect of
sadmind/IIS where, under some configuration, root.exe was left behind in
the /MSADC/ virtual folder. From the uniattack.pl script of sadmind/IIS,
this side effect seems unintentionnal. I was very surprised to see that
what was a side effect in sadmind/IIS is actually one of the core
purpose of CR2!

This leads me to think that the author of Code Red II was not only
inspired by Code Red, but by sadmind/IIS as well.

Also, the first side effect I mentioned in the previous post, is even
more effective with Code Red I and II.

Denis Normand
normand () interlink net



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com