This dataset is no longer available and has a current status of
'Withdrawn'.
Please see the catalog for a listing of currently available datasets.
Please see the catalog for a listing of currently available datasets.
This is a non-IMPACT record, meaning that access to the data is not
controlled by IMPACT. For access, see the directions below.
Disclaimer:
This Resource is offered and provided outside of the IMPACT mediation framework. IMPACT and the IMPACT Coordination Council/Blackfire Technology, Inc. expressly disclaim all conditions, representations and warranties including but not limited to Resource availability, quality, accuracy, non-infringement, and non-interference. All Resource information and access is controlled by entities and under terms that are external to the IMPACT legal framework.
Disclaimer:
This Resource is offered and provided outside of the IMPACT mediation framework. IMPACT and the IMPACT Coordination Council/Blackfire Technology, Inc. expressly disclaim all conditions, representations and warranties including but not limited to Resource availability, quality, accuracy, non-infringement, and non-interference. All Resource information and access is controlled by entities and under terms that are external to the IMPACT legal framework.
Summary
DS-0721
Code Red Dataset
External Dataset
UCSD - Center for Applied Internet Data Analysis
UCSD - Center for Applied Internet Data Analysis
07/19/2001
08/19/2001
45 (lowest rank is 56)
Description
Data for the CodeRed Worm outbreak
This dataset contains information useful for studying the spread of the
Code-Red version 2, and CodeRedII worms. The dataset consists of a
publicly available set of files that contain summarized information that
does not individually identify infected computers.
The first incarnation of the Code-Red worm (CRv1) began to infect hosts
running unpatched versions of Microsoft's IIS webserver on July 12th, 2001.
The first version of the worm uses a static seed for it's random number
generator. Then, around 10:00 UTC in the morning of July 19th, 2001,
a random seed variant of the Code-Red worm (CRv2) appeared and spread.
This second version shared almost all of its code with the first version,
but spread much more rapidly. Next, on August 4th, a new worm began to
infect machines exploiting the same vulnerability in Microsoft's IIS
webserver as the original Code-Red virus. Although the new worm had no
relationship to the first one outside of exploiting the same vulnerability,
it contained in its source code the string "CodeRedII" and was thus named
CodeRed II. Finally, on September 18, 2001, the Nimda worm began to spread
via backdoors left by CodeRedII, as well as via email, open network shares,
and compromised web sites.
Additional Details
255.0MB
true
false
analysis, center, applied, ucsd, code, red, dataset, code red dataset, 721, 2001, anonymized, ucsd - center for applied internet data analysis, worm, codered, outbreak, version, spread, coderedii, july, vulnerability, iis, infect, random, microsoft, seed, exploiting, webserver, running, network, september, web, blackhole, virus, shares, relationship, incarnation, unpatched, contained, computers, rapidly, blackhole address space data, summarized, identify, original, consists, email, infected, machines, generator, august, static, studying, ii, variant, appeared, space, source, 19th, sites, crv2, crv1, named, worms, utc, hosts, string, 12th, shared, publicly, compromised, individually, files, left, versions, nimda, morning, 4th, backdoors, finally, 00