Most Dangerous Computer Viruses (Part 2)

Avatar for Zonure
Written by
3 years ago
Topics: ComputerFacts

Code Red

Code Red was a computer worm observed on the Internet on 15 July 2001. It attacked computers running Microsoft's IIS web server. It was the first large-scale, mixed-threat attack to successfully target enterprise networks.

The Code Red worm was first discovered and researched by eEye Digital Security employees Marc Maiffret and Ryan Permeh when they exploited the vulnerabilities found by Riley Hassell. They called it "Code Red" because Code Red Mountain Dew was what they were drinking at the time.

Although the worm was released on July 13, the largest group of infected computers was seen on July 19, 2001. The number of infected hosts reached 359,000 that day.

The worm exploited a vulnerability in the indexing software distributed with IIS, described in Microsoft Security Bulletin MS01-033, for which a patch had been available a month earlier.

The worm spread itself using a common type of vulnerability known as a buffer overflow. It sent a long string of the repeated letter 'N' to overflow a buffer, which allowed it to execute arbitrary code and infect the machine. Kenneth D. Eichman was the first to discover how to block it, and he was invited to the White House for his discovery.

Code Red II emerged on 4 August 2001. Although it used the same injection vector, it had a completely different payload. It pseudo-randomly selected targets on the same or different subnets as the infected machine according to a fixed probability distribution, favoring targets on its own subnet more often than not. In addition, it used a pattern of repeating 'X' characters instead of 'N' characters to overflow the buffer.
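
As an added example (not part of the original article), this Python sketch shows how a defender could flag the request pattern described in the two paragraphs above in a web server access log: a long run of one repeated character in the query string, labelled by filler letter ('N' or 'X'). The log lines, paths, addresses and the run-length threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed threshold: legitimate query strings rarely repeat a single
# character this many times in a row.
MIN_RUN = 100

# Common Log Format: host ident user [time] "METHOD target PROTO" ...
CLF = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (?P<target>\S+)')
# One character followed by at least MIN_RUN - 1 copies of itself.
RUN = re.compile(r"(.)\1{%d,}" % (MIN_RUN - 1))

# Filler letters as given in the article text.
VARIANT = {"N": "Code Red", "X": "Code Red II"}


def classify(line):
    """Return (source, label, run_length) for a suspicious line, else None."""
    m = CLF.match(line)
    if not m:
        return None  # not a parseable access-log line
    _, _, query = m.group("target").partition("?")
    hit = RUN.search(query)
    if not hit:
        return None
    label = VARIANT.get(hit.group(1), "unknown filler")
    return m.group("src"), label, len(hit.group(0))


def summarize(lines):
    """Count hits per (source, label) so repeat scanners stand out."""
    counts = defaultdict(int)
    for line in lines:
        hit = classify(line)
        if hit:
            counts[hit[:2]] += 1
    return dict(counts)


# Constructed sample lines (documentation addresses, placeholder paths).
SAMPLE = [
    '192.0.2.10 - - [19/Jul/2001:10:00:01 +0000] "GET /a.ext?' + "N" * 200 + ' HTTP/1.0" 404 0',
    '192.0.2.10 - - [19/Jul/2001:10:00:09 +0000] "GET /a.ext?' + "N" * 200 + ' HTTP/1.0" 404 0',
    '198.51.100.7 - - [04/Aug/2001:08:12:44 +0000] "GET /a.ext?' + "X" * 200 + ' HTTP/1.0" 404 0',
    '203.0.113.5 - - [04/Aug/2001:08:13:02 +0000] "GET /index.html?page=2 HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(key, n)
```

The check is a heuristic on the filler run only, so it also reports runs of other characters as "unknown filler" for manual review.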

The most memorable symptom was the message left behind on affected web pages, "Hacked By Chinese!", which has since become a joke. A patch was published later, and the worm was reported to have caused $2 billion in lost productivity. A total of 1-2 million servers were affected, which is impressive when you realize there were 6 million IIS servers at the time.

eEye claimed that the worm originated in Makati City, Philippines, the same origin as the VBS/Loveletter (aka "ILOVEYOU") worm.
