Code Red

Wednesday, 08 August 2001

It’s the buzzword of the moment. Seems this site got scanned 200 times since the whole thing started, all by the second generation Code Red. My firewall has been getting an equal amount of attention too.

Just to recap… Code Red is Worm virus that takes advantage of a buffer overflow exploit in Microsoft’s Indexing service (something to make searching quicker) that is made publically available via Microsoft’s IIS (Internet Information Server) which is their brand of web server that is to the best of my knowledge on by default, meaning any Win2k machine connected to the net is a potential target.

Since an infected machine is a web server, I can visit the IP shown in my logs in a web browser to see the site trying to attack me. From the looks of it, the sites are being run without the user’s knowledge (cause IIS is turned on by default?), this means these computers will remain infected for… forever or at least until a reboot (or BSOD :).