It looks like the latest CodeRed III compromises a server by putting
a backdoor in place, such that a GET /scripts/root.exe will give anyone
a shell on the infected machine. Could the code be added to, to add a
GET /scripts/root.exe and then generate a pop-up screen on the infected host
warning the owner/administrator? And then maybe shut down IIS & CodeRed?
Just my $.02
--
Danny Aldham Providing Certified Internetworking Solutions to Business
www.postino.com E-Mail, Web Servers, Web Databases, SQL PHP & Perl
> I've modified CodeRed.pm again, such that it now (a) writes better log
> messages and (b) sends an automatic message to the SecurityFocus team,
> in the format that they specified.
>
> Rather than blast the source code across this mailing list repeatedly,
> I've put it up at <http://reuven.lerner.co.il/projects/CodeRed.pm>. I
> expect to write some POD, rewrite a bunch of the comments, re-indent
> the source a bit, and other such fun things. But for the most part,
> it appears to work.
>
> Thanks for the feedback that I've received so far!
>
> Reuven
>