Code Red, the "default.ida" based worm. |
In mid July 2001, a worm that exploits a known vulnerability in IIS became extremely widespread. This worm doesn't have any link with IDA Pro itself, it uses an vulnerability called "default.ida" in Microsoft IIS . |
Short description |
This worm will spread from vulnerable IIS server to vulnerable IIS server and, on the 20th of July 2001, fire up packets from infected machines towards the www.whitehouse.gov site, in what could result in a denial of service attack. What's worse, the worm opens the door to new attacks. The worm will then proceed to sleep for a few days and then resume its infection phase. The worm's spread has been analyzed and graphed by caida |
In practice |
Update your IIS servers
Learn more about this vulnerability Get
the Worm analysis
|
Note |
At the time this is being written, some of the Microsoft Windows Update sites themselves have been reported to be infected. It is clear that if the servers supposed to deliver the updates are themselves susceptible to attacks, this raises fundamental questions on the security of the whole infrastructure... |
DataRescue 45 quai de la Dérivation 4020 Liège (Belgium) tel 32-4-3446510 fax 32-4-3446514 Please send us your questions or comments. |