To request access this dataset you will need to login with an IMPACT account. Accounts are free. If you don't have one please register.
Data for the CodeRed Worm outbreak
This dataset contains information useful for studying the spread of the
Code-Red version 2, and CodeRedII worms. The dataset consists of a
publicly available set of files that contain summarized information that
does not individually identify infected computers.
The first incarnation of the Code-Red worm (CRv1) began to infect hosts
running unpatched versions of Microsoft's IIS webserver on July 12th, 2001.
The first version of the worm uses a static seed for it's random number
generator. Then, around 10:00 UTC in the morning of July 19th, 2001,
a random seed variant of the Code-Red worm (CRv2) appeared and spread.
This second version shared almost all of its code with the first version,
but spread much more rapidly. Next, on August 4th, a new worm began to
infect machines exploiting the same vulnerability in Microsoft's IIS
webserver as the original Code-Red virus. Although the new worm had no
relationship to the first one outside of exploiting the same vulnerability,
it contained in its source code the string "CodeRedII" and was thus named
CodeRed II. Finally, on September 18, 2001, the Nimda worm began to spread
via backdoors left by CodeRedII, as well as via email, open network shares,
and compromised web sites.