Security Incidents mailing list archives

Re: Code Red II inspired by both Code Red and sadmind/IIS


From: "Nick FitzGerald" <nick () virus-l demon co uk>
Date: Sat, 11 Aug 2001 00:40:47 +1200

Denis Normand <normand () interlink net> wrote:

> On July 2, I posted a message on this list about a side effect of
> sadmind/IIS where, under some configuration, root.exe was left behind in
> the /MSADC/ virtual folder. From the uniattack.pl script of sadmind/IIS,
> this side effect seems unintentional. I was very surprised to see that
> what was a side effect in sadmind/IIS is actually one of the core
> purposes of CR2!
>
> This leads me to think that the author of Code Red II was not only
> inspired by Code Red, but by sadmind/IIS as well.

...except that the "copy cmd.exe to root.exe" payload is entirely
unnecessary given the much larger backdoor that it opens up...


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

