Contact
A propos d'Avira
Presse
Version bêta
Language:
Français
English
Deutsch
Français
Español
Italiano
Português
Русский
Particuliers
Avira Antivirus Premium
Avira Internet Security
Entreprises
PC/serveurs
Avira Professional Security
Avira Server Security
Avira Business Security Suite
Avira Endpoint Security
PME
Services hébergés
Passerelles
Avira AntiVir MailGate
Avira MailGate Suite
Avira AntiVir Exchange
Avira AntiVir WebGate
Avira WebGate Suite
Avira AntiVir GateWay Bundle
Avira AntiVir SharePoint
Intégration
Anti-Malware SDK (SAVAPI)
Antispam SDK (SPACE)
Rebranding et regroupement
Services d’intégration
Remise Enseignement
Support
Particuliers
Aperçu
Dernières actualités
Tutoriels vidéo
Base de connaissances
Entreprises
Aperçu
Dernières actualités
Base de connaissances
Laboratoire antivirus
Descriptions de virus
Statistiques
Historique VDF
Virus "In the Wild"
Science des virus
Soumettre le Fichier Suspect
Téléchargements
Téléchargement produits
Documentation technique
Cycle de vie des produits
Mise à jour VDF
Partenaires
Trouver un partenaire
Devenir partenaire Avira
Société affiliée
Version gratuite
Télécharger
Rechercher
Brève description
Description complète
Statistiques
Alias:
W32/CodeRed.a.worm
Type:
Worm
Size:
Origin:
unknown
Date:
07-25-2001
Damage:
VDF Version:
Danger:
Medium
Distribution:
High
Technical Details
Worm/CodeRed uses a Microsoft IIS (Internet Information Server) security hole for its spreading. After the worm infects a server, it will look for other servers to invade.
There are some conditions, for the CodeRed to infect a system:
- Microsoft Windows NT 4.0 or Windows 2000 with IIS 4.0 or IIS 5.0
- Cisco CallManager, Unity Server, uOne, ICS7750, Building Broadband Service Manager
When the worm infects a computer, the file C:\notworm. appears. The CodeRed has the following payload:
1. The worm opens communication on TCP port 80 to 100 randomly chosen IP addresses and tries to send itself to them.
2. If the computer is on between the 20th and 28th of the month, CodeRed starts a DoS (Denial-of-Service) attack against an US Government website (www1.whitehouse.guv).
3. After the infection succeeded, the server is set again to English as standard language. Then, on all compromised sites will appear the following message:
HELLO! Welcome to http://www.worm.com! Hacked By Chinese!
Description insérée par Crony Walker le mardi 15 juin 2004
Retour
.
.
.
.
