What is Code Red?
Code Red is a worm that exploits a known buffer overflow vulnerability in IIS 4.0/5.0
- Scans TCP port 80 on random IP addresses to find systems with the exploitable vulnerability
- Infected systems look for 100 additional systems
- Malformed GET can also affect non-IIS software
- Resides only in RAM; rebooting clears the worm
Code Red I causes high traffic loads on the Internet, Web defacements, a DDoS attack on "whitehouse.gov", and crashed systems
Code Red II causes extraordinarily high traffic loads and crashed systems, and installs backdoors
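
Because the worm probes random addresses on port 80 with a malformed GET, any web server's access log (IIS or not) shows which hosts are infected. The following is an added example, not part of the original page: it flags those probes in Common Log Format lines. The /default.ida path and the N/X padding come from public advisories rather than this page; MIN_PAD, the function name and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption (public advisories, not this page): the probe is a GET for
# /default.ida followed by a long run of one padding character,
# 'N' for Code Red I and 'X' for Code Red II.
MIN_PAD = 100  # illustrative threshold; ordinary query strings are far shorter
PROBE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "GET /default\.ida\?(?P<pad>N{%d,}|X{%d,})'
    % (MIN_PAD, MIN_PAD),
    re.IGNORECASE,
)
VARIANT = {"N": "Code Red I", "X": "Code Red II"}


def find_probes(lines):
    """Return {source_ip: {variant: probe_count}} for matching log lines."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = PROBE.match(line)
        if m:
            variant = VARIANT[m.group("pad")[0].upper()]
            hits[m.group("src")][variant] += 1
    return {src: dict(counts) for src, counts in hits.items()}


def _line(src, request, status):
    # Builds one constructed Common Log Format entry.
    return f'{src} - - [19/Jul/2001:14:02:11 +0000] "{request}" {status} 0'


# Constructed sample log: documentation-range IPs, padding only, no payload.
SAMPLE_LOG = [
    _line("192.0.2.10", "GET /default.ida?" + "N" * 224 + "=a HTTP/1.0", 404),
    _line("192.0.2.10", "GET /default.ida?" + "N" * 224 + "=a HTTP/1.0", 404),
    _line("198.51.100.7", "GET /default.ida?" + "X" * 224 + "=a HTTP/1.0", 400),
    _line("203.0.113.5", "GET /index.html HTTP/1.1", 200),
    _line("203.0.113.5", "GET /default.ida?NN=a HTTP/1.1", 404),  # too short
]

if __name__ == "__main__":
    for src, counts in find_probes(SAMPLE_LOG).items():
        print(src, counts)
```

A 404 or 400 status on a matching line means the receiving server was not exploited, but the source address is still an infected host worth reporting or blocking.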