"John (EBo) David" wrote:
> 
> Ok... what is the difference between CRv1/CRV2 and CRII?
> 
----
CRv1 uses NNNNNN to overflow the input string

CRv2 uses XXXXXX

CRv2 has a bigger payload which includes root exploit and results in a
compromised box even though it has been patched and rebooted.

CRv1 allowed Microsoft and the media tell everyone that the Code Red
Worm isn't really so bad when in reality, it's gonna leave a lot of
compromised boxes around that people didn't recognize were compromised
and even if they figure it out, will install a patch that will only
prevent further infestation when in fact, there still will remain the
scripts executable from any web browser or telnet session to port 80 and
my particular favorite, a new version of explorer.exe.

Craig