
If Anna Kournikova and Sircam weren’t enough, people were also bombarded with a worm known as Code Red. There is a bit of relief with this worm, though: it attacked computers that were running Microsoft’s IIS web server, meaning it didn’t affect the average user’s computer unless you were running websites at the time.
The worm was first discovered and researched by eEye Digital Security employees Marc Maiffret and Ryan Permeh. However, it didn’t start causing damage until Riley Hassell came in and discovered a vulnerability that the worm then exploited.
Since this worm wasn’t an email virus like the others, there wasn’t an obvious name for it. Instead it was named after a coincidence: the group was drinking Code Red Mountain Dew at the time they found the worm exploiting the vulnerability. Hence the name Code Red Worm.
The worm worked slowly. It was released on July 13th, but it only started to wreak havoc on the 15th of July. The peak of its damage hit on the 19th of July, when the number of infected hosts reached 359,000 computers.
So how was this worm able to spread so widely? Well, again the worm spread by exploiting a vulnerability in the system, and a patch for that particular vulnerability had been released one month before this worm even hit.
In other words, the owners of those computers likely didn’t bother downloading that patch and suffered for not doing so.
When a computer was infected, the worm spread itself using an attack technique known as a buffer overflow. In a buffer overflow, the attacker sends the system more input than the space set aside for it can hold, so the excess spills over and overwrites memory the program relies on. In this case the worm filled the buffer with a long string of the letter ’N’.
Once it had a foothold, the worm would perform a handful of activities. First it would deface the web site it infected. Instead of the usual website you’d get a blank screen and the following message:
HELLO! Welcome to http://www.worm.com! Hacked By Chinese!
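The long run of the letter ’N’ described above is the kind of thing a defender can look for in web server logs. The following script is an added example written for this page, not code from the podcast or from eEye; it assumes a constructed, simplified IIS-style log format (date, time, client IP, method, path, query, status), a made-up minimum run length of 64, and sample lines that are invented for illustration rather than real captures. It also tags each hit with the phase of the worm’s monthly cycle that the episode describes (spreading from the 1st to the 19th, denial of service from the 20th to the 27th, dormant from the 28th).

```python
import re

# Constructed sample log lines (not real captures). Fields, space separated:
# date time client-ip method uri-stem uri-query status
# The second line carries 80 consecutive 'N' characters in its query, the
# signature the episode describes; the third carries only a short "NN".
SAMPLE_LOG = (
    "2001-07-19 10:01:02 198.51.100.7 GET /index.htm - 200\n"
    "2001-07-19 10:01:05 203.0.113.9 GET /default.ida " + "N" * 80 + " 200\n"
    "2001-07-19 10:02:11 198.51.100.8 GET /products.asp id=NN 200\n"
)


def parse_line(line):
    """Split one log line into a dict; return None for lines that don't fit the format."""
    parts = line.split()
    if len(parts) != 7:
        return None
    date, time, ip, method, path, query, status = parts
    if not status.isdigit():
        return None
    return {
        "date": date,
        "time": time,
        "ip": ip,
        "method": method,
        "path": path,
        "query": query,
        "status": int(status),
    }


def phase_for_day(day_of_month):
    """Map a day of the month to the worm phase the episode describes."""
    if 1 <= day_of_month <= 19:
        return "spread"
    if 20 <= day_of_month <= 27:
        return "dos"
    return "dormant"


def find_overflow_attempts(log_text, min_run=64):
    """Return every request whose path or query contains at least min_run 'N's in a row.

    min_run is an assumed threshold for this example; a legitimate query is very
    unlikely to contain dozens of identical characters in sequence.
    """
    pattern = re.compile(r"N{%d,}" % min_run)
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        match = pattern.search(rec["query"]) or pattern.search(rec["path"])
        if match is None:
            continue
        day = int(rec["date"].split("-")[2])
        hits.append({**rec, "run_length": len(match.group(0)), "phase": phase_for_day(day)})
    return hits


if __name__ == "__main__":
    for hit in find_overflow_attempts(SAMPLE_LOG):
        print(f"{hit['date']} {hit['time']} {hit['ip']} -> {hit['run_length']} x 'N' "
              f"in {hit['method']} {hit['path']} (worm phase: {hit['phase']})")
```

Run against the constructed sample, only the request from 203.0.113.9 is reported; the short `id=NN` query stays below the threshold. The same scan applied to real IIS logs from the period would show whether a server had been probed, which is useful even after patching, since a host that was hit before the patch may already be defaced.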
Other activities the worm did during the month depended on the day.
From the 1st to the 19th, the worm would work to spread itself to IIS servers on the Internet. This is why the peak of its infection was reached on the 19th, after which it was contained before it could cause any further damage.
From the 20th to the 27th, the worm would launch denial-of-service attacks against a number of fixed IP addresses. The IP address of the White House’s web server was among those attacked during that time. This was when they brought in a professional who uncovered all of this information and took steps to prevent any more damage.
From the 28th until the end of the month the worm went dormant and there were no active attacks.
What’s also worth noting is that the Code Red worm was eventually followed up by a variant named Code Red 2. It behaved in a similar fashion but had different end results. I’ll expand on that virus in a future episode.
While this worm was confined to web servers, the lesson it teaches us is to make sure that we keep our software up to date. Remember, every update, whether it’s to a WordPress site, an app, or our computer, typically tightens up security and adds features that protect us from attacks.