- It captured the password file and ran a password-guessing program on it using a dictionary of common words.
- It exploited the debug option in the UNIX sendmail program, allowing it to transfer a copy of itself.
- It carried out a buffer overflow attack through a vulnerability in the UNIX fingerd program.
- It found e-mail addresses from the computer's Web cache and default Messaging Application Programming Interface (MAPI) mailbox. It sent itself by e-mail with random subjects and an attachment named readme.exe. If the target system supported the automatic execution of embedded MIME types, the attached worm would be automatically executed and infect the target.
- It infected Microsoft IIS Web servers, selected at random, through a buffer overflow attack called a Unicode Web traversal exploit.
- It copied itself across open network shares. On an infected server, the worm wrote Multipurpose Internet Mail Extensions (MIME)-encoded copies of itself to every directory, including network shares.
- It added JavaScript to Web pages to infect any Web browsers going to that Website.
- It looked for backdoors left by previous Code Red II and Sadmind worms.
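For the e-mail vector described above, the following added example (not from the original page) sketches a mail-gateway check that flags attachments such as readme.exe whose executable file name arrives under a MIME type a client might render automatically. The extension list, the type list, the function name and the sample message (including its audio/x-wav type) are assumptions constructed for illustration.

```python
import email
import os
from email import policy

# Extensions a Windows client can execute directly (defender-chosen, an assumption).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# Declared types that honestly announce an executable payload (an assumption).
EXECUTABLE_TYPES = {"application/x-msdownload", "application/octet-stream",
                    "application/x-msdos-program"}


def suspicious_attachments(raw_message: bytes):
    """Return (filename, declared_type, reason) for each risky MIME part."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() reads Content-Disposition first, then Content-Type "name".
        name = part.get_filename()
        if not name:
            continue
        # Trailing dots/spaces are ignored by Windows, so drop them before matching.
        ext = os.path.splitext(name.lower().rstrip(". "))[1]
        if ext not in EXECUTABLE_EXTS:
            continue
        ctype = part.get_content_type()
        if ctype in EXECUTABLE_TYPES:
            reason = "executable attachment"
        else:
            # Name says "program", header says "media": quarantine, never auto-open.
            reason = "executable name with mismatched Content-Type"
        findings.append((name, ctype, reason))
    return findings


# Constructed sample message; the payload is three zero bytes, not a real file.
SAMPLE = (
    b"Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="B"\r\n\r\n'
    b"--B\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
    b'--B\r\nContent-Type: audio/x-wav; name="readme.exe"\r\n'
    b'Content-Disposition: attachment; filename="readme.exe"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\nAAAA\r\n--B--\r\n"
)

if __name__ == "__main__":
    for finding in suspicious_attachments(SAMPLE):
        print(finding)
```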