How to anonymously get root access on a quarter million machines overnight
In the past 24 hours the CodeRed II worm has been infecting IIS web servers with a speed equal to or greater than that of the original CodeRed. The original CodeRed infected what is thought to be all vulnerable machines, approximately 250,000 hosts, in under 24 hours.
While CodeRed I was relatively harmless, CodeRed II installs a full Administrator-access back door shell that can be accessed via HTTP. This creates a very interesting situation and, with the techniques discussed in this paper, opens a potential new door for mass system cracking.
posted by lagado on Aug 5, 2001