Code Red Dataset (2001-07-19 to 2001-08-19)

This dataset contains information useful for studying the spread of the Code-Red version 2, and CodeRedII worms. The dataset consists of a publicly available set of files that contain summarized information that does not individually identify infected computers. The first incarnation of the Code-Red worm (CRv1) began to infect hosts running unpatched versions of Microsoft's IIS webserver on July 12th, 2001. The first version of the worm uses a static seed for it's random number generator. Then, around 10:00 UTC in the morning of July 19th, 2001, a random seed variant of the Code-Red worm (CRv2) appeared and spread. This second version shared almost all of its code with the first version, but spread much more rapidly. Next, on August 4th, a new worm began to infect machines exploiting the same vulnerability in Microsoft's IIS webserver as the original Code-Red virus. Although the new worm had no relationship to the first one outside of exploiting the same vulnerability, it contained in its source code the string "CodeRedII" and was thus named CodeRed II. Finally, on September 18, 2001, the Nimda worm began to spread via backdoors left by CodeRedII, as well as via email, open network shares, and compromised web sites.