CODERED.A
Overview

Malware type: Trojan

Aliases: TROJ_BADY.A, W32/Bady.worm, CODERED, CODE RED, HBC

In the wild: Yes

Destructive: No

Language: English

Platform: Windows NT, 2000, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential:

High

Distribution potential:

Low

Description: 
This worm and its variant CODERED.B pose minimal risk to most PCs. It exploits a remote buffer overflow vulnerability in Microsoft Internet Information Services (IIS) Web servers; the flaw can give a remote user system-level privileges, thereby compromising network security.

This worm has two trigger periods, each with its own payload. The first payload runs when the current system day is between the 20th and the 28th of the month: the worm launches a distributed denial-of-service (DDoS) attack against a Government Web site (www1.whitehouse.gov).

The second payload runs when the current system day is before the 20th of the month: the worm generates random IP addresses and sends copies of itself to port 80 on those addresses.

IIS administrators should download and apply Microsoft's patch for the .ida vulnerability.
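Because the worm reaches a server as an HTTP request over port 80 aimed at the .ida handler, a defender can check IIS logs for .ida requests whose query string is far longer than any legitimate Index Server query, or that consists of long runs of one repeated byte (overflow padding). The following Python script is an added example, not code from Trend Micro's write-up: it parses IIS W3C extended log text and flags such requests. The thresholds (200 characters, runs of 64 repeated characters) and the sample log lines are constructed assumptions for illustration, not captured traffic or vendor-published indicators.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Detection thresholds (assumptions for this example, not values from the
# Trend Micro write-up): legitimate Index Server (.ida/.idq) queries are
# short, so an overlong query string or a long run of a single repeated
# character is worth an alert.
MAX_NORMAL_QUERY_LEN = 200
REPEAT_RUN_LEN = 64
_REPEAT_RUN = re.compile(r"(.)\1{%d,}" % (REPEAT_RUN_LEN - 1))
INDEX_SERVER_EXTENSIONS = (".ida", ".idq")  # both served by the Index Server ISAPI extension


@dataclass
class Hit:
    client_ip: str
    uri_stem: str
    reasons: List[str]


def parse_w3c(text: str):
    """Yield one dict per data row of an IIS W3C extended log, keyed by the #Fields header."""
    fields = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or fields is None:
            continue  # other directives, or data before any #Fields header
        parts = line.split(" ")
        if len(parts) != len(fields):
            continue  # truncated or malformed row: skip rather than crash
        yield dict(zip(fields, parts))


def inspect_row(row: dict) -> Optional[Hit]:
    """Return a Hit if the row is a suspicious Index Server request, else None."""
    stem = row.get("cs-uri-stem", "")
    if not stem.lower().endswith(INDEX_SERVER_EXTENSIONS):
        return None
    query = row.get("cs-uri-query", "-")
    if query == "-":  # W3C convention for an empty field
        query = ""
    reasons = []
    if len(query) > MAX_NORMAL_QUERY_LEN:
        reasons.append("query length %d exceeds %d" % (len(query), MAX_NORMAL_QUERY_LEN))
    if _REPEAT_RUN.search(query):
        reasons.append("run of %d or more repeated characters (overflow padding)" % REPEAT_RUN_LEN)
    if not reasons:
        return None
    return Hit(row.get("c-ip", "?"), stem, reasons)


def scan_log(text: str) -> List[Hit]:
    """Scan a whole W3C log and return the suspicious requests in log order."""
    return [h for h in (inspect_row(r) for r in parse_w3c(text)) if h is not None]


# Constructed sample log in IIS W3C format. The long .ida rows imitate the
# shape of an overflow attempt for illustration only; they are not real requests.
SAMPLE_LOG = "\n".join([
    "#Software: Microsoft Internet Information Services 5.0",
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2001-07-19 10:00:01 192.0.2.10 GET /index.htm - 200",
    "2001-07-19 10:00:03 203.0.113.5 GET /search.ida q=report 200",       # legitimate short query
    "2001-07-19 10:00:05 198.51.100.7 GET /default.ida " + "N" * 240 + " 200",  # long and repetitive
    "2001-07-19 10:00:06 198.51.100.8 GET /default.ida " + "X" * 150 + " 200",  # repetitive only
])

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit.client_ip, hit.uri_stem, "; ".join(hit.reasons))
```

On the sample data the script reports the two /default.ida rows and stays silent on the ordinary page fetch and the short legitimate .ida query. Tune the thresholds to your own baseline of Index Server traffic before using the heuristic on production logs, and treat a hit on a server that has not applied the patch as a reason to inspect that host.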

Description created: Jul. 30, 2001 9:47:43 PM GMT -0800
