IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

ADVISORY 01-017

"Code Red II"
August 06, 2001

The National Infrastructure Protection Center (NIPC) continues to work in close coordination with its public and private sector partners regarding what has been named Code Red II. The NIPC considers Code Red II to be a serious threat because it spreads rapidly and installs a backdoor that can be accessed by anyone familiar with the exploit. Any intruder can use the backdoor compromise to make other system modifications at will. As a result, the repair of the infected system may require the reinstallation of the operating system, data files, and the Microsoft patch. As in the case of Code Red last week, the Microsoft patches can be located at the following URLs:

For Windows NT 4 machines:
http://www.microsoft.com/downloads/release.asp?releaseid=30833

For Windows 2000 machines:
http://www.microsoft.com/downloads/release.asp?releaseid=30800

Code Red and Code Red II exploit the same vulnerability found in Internet Information Systems (IIS) versions 4.0 and 5.0 running on Windows NT-4 and Windows 2000 operating systems.

For those already infected by Code Red II, a suggested process for repairing your system can be found at www.cert.org/tech_tips/win-UNIX-system_compromise.html.

Recipients of this Advisory are encouraged to report computer intrusions to their local FBI office (http://www.fbi.gov/contact/fo/fo.htm) or the NIPC, and to other appropriate authorities. Incidents may be reported online at http://www.nipc.gov/incident/cirr.htm. The NIPC Watch and Warning Unit can be reached at (202) 323-3204/3205/3206 or nipc.watch@fbi.gov.