This dataset is no longer available and has a current status of 'Withdrawn'.
Please see the catalog for a listing of currently available datasets.
This is a non-IMPACT record, meaning that access to the data is not controlled by IMPACT. For access, see the directions below.

This Resource is offered and provided outside of the IMPACT mediation framework. IMPACT and the IMPACT Coordination Council/Blackfire Technology, Inc. expressly disclaim all conditions, representations and warranties including but not limited to Resource availability, quality, accuracy, non-infringement, and non-interference. All Resource information and access is controlled by entities and under terms that are external to the IMPACT legal framework.


Code Red Dataset
External Dataset
UCSD - Center for Applied Internet Data Analysis
UCSD - Center for Applied Internet Data Analysis
41 (lowest rank is 52)

Category & Restrictions

Blackhole Address Space Data
blackhole address space data, computer worms


Data for the CodeRed Worm outbreak

This dataset contains information useful for studying the spread of the
                     Code-Red version 2, and CodeRedII worms. The dataset consists of a
                     publicly available set of files that contain summarized information that
                     does not individually identify infected computers.
                     The first incarnation of the Code-Red worm (CRv1) began to infect hosts
                     running unpatched versions of Microsoft's IIS webserver on July 12th, 2001.
                     The first version of the worm uses a static seed for it's random number
                     generator. Then, around 10:00 UTC in the morning of July 19th, 2001,
                     a random seed variant of the Code-Red worm (CRv2) appeared and spread.
                     This second version shared almost all of its code with the first version,
                     but spread much more rapidly. Next, on August 4th, a new worm began to
                     infect machines exploiting the same vulnerability in Microsoft's IIS
                     webserver as the original Code-Red virus. Although the new worm had no
                     relationship to the first one outside of exploiting the same vulnerability,
                     it contained in its source code the string "CodeRedII" and was thus named
                     CodeRed II. Finally, on September 18, 2001, the Nimda worm began to spread
                     via backdoors left by CodeRedII, as well as via email, open network shares,
                     and compromised web sites.

Additional Details

analysis, applied, center, ucsd, code, red, dataset, 721, code red dataset, 2001, ucsd - center for applied internet data analysis, anonymized, worm, codered, outbreak, spread, version, coderedii, iis, random, seed, webserver, infect, vulnerability, july, exploiting, microsoft, blackhole address space data, space, september, web, relationship, computers, email, infected, original, identify, source, 19th, summarized, appeared, sites, rapidly, crv2, contained, crv1, unpatched, consists, named, incarnation, machines, worms, 00, static, backdoors, finally, hosts, publicly, utc, morning, nimda, versions, left, august, files, individually, compromised, 4th, shared, 12th, studying, ii, string, variant, generator, virus, blackhole, network, running, shares