The Haus

Sunday, August 5, 2001

Make that Code Red II -- 11:24 am CST, Update by A.T. Hun

Several reports are circulating that a new variant of the Code Red worm called Code Red II is making its way around the Net. Once again it attacks Win2K/NT boxes running MS's IIS webserver. This version opens up a backdoor on any infected system. If servers have not been patched, it may be too late. Security News Portal tells what it does. It's not good, folks. Basically I can pick any of the I.P.s that are attempting to contact me and immediately telnet to their box. Think there are going to be a few DDoS attacks coming up soon? J.t.Qbe just moved to Michigan and his brand new cable modem's activity light is almost always on from this thing.

Update! There is a discussion on this worm over on the Gibson Research website.

The Master comments: I can confirm for sure that The Haus has seen at least one hit from this worm. So it's on the loose kids.

J.t.Qbe comments: Over the last few days I've watched this grow into a storm--my cable modem's data LED is constantly blinking, from once every few seconds (a few days ago) to numerous times per second. Think there'll be any backlash against IIS over this one? I'm not holding my breath.

UPDATE! 11:23 P.M. Bugtraq has the lowdown on Code Red II. This is not just a modification of Code Red, it's a whole new animal with a similar attack pattern. Apparently, like Code Red, it does not affect WinNT 4.0, just Win2K servers. I was not aware of that limitation. Mea culpa. Fortunately it seems like it can be removed relatively easily . . . assuming the server has not been compromised further.

News for 08/05/2001

Recent Headlines

January 5, 2015: It Returns!
August 10, 2007: SCO SUCKS IT DOWN!
July 5, 2007: Slackware 12.0 Released
May 20, 2007: PhpBB 3.0 RC 1 Released
February 2, 2007: DOOM3 1.31 Patch

January 27, 2007: Join the World Community Grid
January 17, 2007: Flash Player 9 for Linux
December 30, 2006: Darkness over Daggerford 1.2
December 19, 2006: Pocket Tunes 4.0 Released
December 9, 2006: WRT54G 1.01.1 Firmware OK with Linux/Mac

The Haus is powered by:

All original information on this website is copyright © TheHaus.Net, 1999-2005. The use of original images, text, and/or code from this website without expressed written consent is prohibited. The authors of this site cannot be held responsible for any damage, real or imagined, which comes from the use of information presented on this site. All trademarks used are the properties of their respective owners. This site is not to be used as a floatation device (but if you try, I want a video tape of it).