Code Red Worm Activity
Original release date: June 19, 2001
There has been a dramatic increase in reports of website defacements and scans for hosts listening on TCP port 80. This activity appears to be related to the "Code Red" worm, a recently discovered worm that exploits the buffer overflow in the IIS Indexing Service DLL. More information can be found at http://www.cert.org/advisories/CA-2001-13.html
· Systems running Microsoft Windows NT 4.0 with
showed first 75 words of 197 total
showed last 75 words of 197 total
Application Programming Interface extension is IDQ.DLL).
The vulnerability allows the attacker to run code of their choice. The attacker may have complete control of the victimís system. I think this kind of worm is a common one and administrators need to be aware of new system bugs and apply the appropriate fixes.
The solution to this problem is a apply patch. Appropriate patches to protect against attack can be downloaded from the Internet.