Security Incidents mailing list archives
Re: Code Red II inspired by both Code Red and sadmind/IIS
From: "Nick FitzGerald" <nick () virus-l demon co uk>
Date: Sat, 11 Aug 2001 00:40:47 +1200
Denis Normand <normand () interlink net> wrote:
On July 2, I posted a message on this list about a side effect of sadmind/IIS where, under some configuration, root.exe was left behind in the /MSADC/ virtual folder. From the uniattack.pl script of sadmind/IIS, this side effect seems unintentional. I was very surprised to see that what was a side effect in sadmind/IIS is actually one of the core purposes of CR2! This leads me to think that the author of Code Red II was not only inspired by Code Red, but by sadmind/IIS as well.
...except that the "copy cmd.exe to root.exe" payload is entirely unnecessary given the much larger backdoor that it opens up...

--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
Current thread:
- Code Red II inspired by both Code Red and sadmind/IIS Denis Normand (Aug 09)
- Re: Code Red II inspired by both Code Red and sadmind/IIS Nick FitzGerald (Aug 10)