Code Red, the "default.ida" based worm.
In mid July 2001, a worm that exploits a known vulnerability in IIS became extremely widespread. This worm doesn't have any link with IDA Pro itself, it uses an vulnerability called "default.ida" in Microsoft IIS .
Short description

This worm will spread from vulnerable IIS server to vulnerable IIS server and, on the 20th of July 2001, fire up packets from infected machines towards the site, in what could result in a denial of service attack. What's worse, the worm opens the door to new attacks. The worm will then proceed to sleep for a few days and then resume its infection phase.

The worm's spread has been analyzed and graphed by caida

In practice

Update your IIS servers

Windows NT version 4.0

Windows 2000 Professional, Server and Advanced Server

Learn more about this vulnerability

Vulnerability Description

Get the Worm analysis

Its full analysis can be downloaded courtesy of the good people at eeye



At the time this is being written, some of the Microsoft Windows Update sites themselves have been reported to be infected. It is clear that if the servers supposed to deliver the updates are themselves susceptible to attacks, this raises fundamental questions on the security of the whole infrastructure...

DataRescue 45 quai de la Dérivation 4020 Liège (Belgium) tel 32-4-3446510 fax 32-4-3446514 Please send us your questions or comments.