Contatti
Chi siamo
Stampa
Beta test
Language:
Italiano
English
Deutsch
Français
Español
Italiano
Português
Русский
Per utenti privati
Avira Antivirus Premium
Avira Internet Security
Per aziende
Client/Server
Avira Professional Security
Avira Server Security
Avira Business Security Suite
Avira Endpoint Security
Small Business
Gateways
Avira AntiVir MailGate
Avira MailGate Suite
Avira AntiVir Exchange
Avira AntiVir WebGate
Avira WebGate Suite
Avira AntiVir GateWay Bundle
Avira AntiVir SharePoint
Integrazione
Anti-Malware SDK (SAVAPI)
Antispam SDK (SPACE)
Rebranding & Bundling
Servizi di integrazione
Sconto Formazione
Supporto
Per utenti privati
Panoramica
Ultime news
Tutorial video
Knowledgebase
Per le aziende
Panoramica
Ultime news
Knowledgebase
Virus Lab
Descrizioni dei virus
Statistiche
VDF History
Viruses In the Wild
Glossario dei virus
Invia il file sospetto
Download
Scarica il prodotto
Documentazione tecnica
Product Lifecycle
Aggiornamento VDF
Partner
Trova un partner
Come diventare partner di Avira
Affiliate
Free
Download
Cerca
In breve
Descrizione completa
Statistiche
Alias:
W32/CodeRed.a.worm
Type:
Worm
Size:
Origin:
unknown
Date:
07-25-2001
Damage:
VDF Version:
Danger:
Medium
Distribution:
High
Technical Details
Worm/CodeRed uses a Microsoft IIS (Internet Information Server) security hole for its spreading. After the worm infects a server, it will look for other servers to invade.
There are some conditions, for the CodeRed to infect a system:
- Microsoft Windows NT 4.0 or Windows 2000 with IIS 4.0 or IIS 5.0
- Cisco CallManager, Unity Server, uOne, ICS7750, Building Broadband Service Manager
When the worm infects a computer, the file C:\notworm. appears. The CodeRed has the following payload:
1. The worm opens communication on TCP port 80 to 100 randomly chosen IP addresses and tries to send itself to them.
2. If the computer is on between the 20th and 28th of the month, CodeRed starts a DoS (Denial-of-Service) attack against an US Government website (www1.whitehouse.guv).
3. After the infection succeeded, the server is set again to English as standard language. Then, on all compromised sites will appear the following message:
HELLO! Welcome to http://www.worm.com! Hacked By Chinese!
Descrizione inserita da Crony Walker su martedì 15 giugno 2004
Indietro
.
.
.
.
