Dataset Details

To request access this dataset you will need to login with an IMPACT account. Accounts are free. If you don't have one please register.


Code Red Dataset
UCSD - Center for Applied Internet Data Analysis
UCSD - Center for Applied Internet Data Analysis
35 (lowest rank is 40)

Category & Restrictions

Blackhole Address Space Data


Data for the CodeRed Worm outbreak

This dataset contains information useful for studying the spread of the
                     Code-Red version 2, and CodeRedII worms. The dataset consists of a
                     publicly available set of files that contain summarized information that
                     does not individually identify infected computers.
                     The first incarnation of the Code-Red worm (CRv1) began to infect hosts
                     running unpatched versions of Microsoft's IIS webserver on July 12th, 2001.
                     The first version of the worm uses a static seed for it's random number
                     generator. Then, around 10:00 UTC in the morning of July 19th, 2001,
                     a random seed variant of the Code-Red worm (CRv2) appeared and spread.
                     This second version shared almost all of its code with the first version,
                     but spread much more rapidly. Next, on August 4th, a new worm began to
                     infect machines exploiting the same vulnerability in Microsoft's IIS
                     webserver as the original Code-Red virus. Although the new worm had no
                     relationship to the first one outside of exploiting the same vulnerability,
                     it contained in its source code the string "CodeRedII" and was thus named
                     CodeRed II. Finally, on September 18, 2001, the Nimda worm began to spread
                     via backdoors left by CodeRedII, as well as via email, open network shares,
                     and compromised web sites.

Additional Details