[Dshield] Intelligent Code Red - 45 seconds to infect and deploy
Thompson, John J
ThompsonJJ at mail.medicine.uiowa.edu
Thu Aug 2 18:53:15 GMT 2001
Rapid infection, rapid deployment. All in 45 seconds.

I just finished a clean install of Windows 2000 for our website. I had
enabled IP filtering blocking all but 137-139, and 80. Then I needed to get
to my file server to download BlackICE and the patch for Code Red. That
file copy took no more than 45 seconds. I then installed BlackICE and the
patch. Before I restarted, I opened BlackICE to set the advanced filters.
In less than 20 seconds, my machine was attacking 9 hosts before I could
pull the plug.

My machine was attacked, infected, and then was attacking others during less
than a minute of connection to the network. Amazingly, this machine was the
only one attacked. My 5 other Win2k servers and active web server didn't
flag a single attack. How is Code Red finding the vulnerable system without
touching other systems on the same network and infecting it and deploying
itself within 45 seconds???
Dept. of Biochemistry
University of Iowa