Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)

[Markus Kern <markus-kern () gmx net>]

Herbert HexXer wrote:
> hello guys ...
> ... i have been developing a code, that should patch the isdapi-filter
> bufferoverflow vulnerability (the vulnerability CodeRed is exploiting) discovered
> by eEye (walk through the code for details).

Since we're at it ...
I wrote something similar a few weeks ago but didn't release it back then.
Well, here it is, may the curious enjoy it.

It's a passively spreading worm that patches the box and removes CRII.
After installing an ISAPI filter it infects every host sending Code Red, 
it does not actively scan for vulnerable hosts which should prevent cisco
crashes and all the other side effects of Code Red.
Since my assembler skills are limited the main part of the worm is written
in C and only the exploit code is assembler.

It should be obvious that I take no responsibility for what you do with
this code. Although it doesn't contain any malicious code don't blame me
if you hose your network or system.

-- Markus Kern <markus-kern () gmx net>

PS: The spreading mechanism is broken on purpose

Attachment: CRclean.zip
Description: