Code Red (computer worm)
Code Red was a computer worm observed on the Internet on July 15, 2001. It attacked computers running Microsoft's IIS web server. It was the first large-scale, mixed-threat attack to successfully target enterprise networks.
The Code Red worm was first discovered and researched by eEye Digital Security employees Marc Maiffret and Ryan Permeh when it exploited a vulnerability discovered by Riley Hassell. They named it "Code Red" because they were drinking Mountain Dew Code Red at the time of discovery.
Although the worm had been released on July 13, the largest group of infected computers was seen on July 19, 2001. On that day, the number of infected hosts reached 359,000.
The worm spread worldwide, becoming particularly prevalent in North America, Europe, and Asia (including China and India).
The worm exploited a vulnerability in software distributed with IIS, described in Microsoft Security Bulletin MS01-033 (CVE-2001-0500), for which a patch had become available a month earlier.
The worm spread itself using a common type of vulnerability known as a buffer overflow. It used a long string of the repeated letter 'N' to overflow a buffer, which allowed it to execute arbitrary code and infect the machine. Kenneth D. Eichman was the first to discover how to block it, and was invited to the White House for his discovery.
The payload of the worm included:
When scanning for vulnerable machines, the worm did not test whether the server running on a remote machine was running a vulnerable version of IIS, or even whether it was running IIS at all. Apache access logs from this time frequently had entries such as these:
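Because the worm probed every web server it reached, its requests can be counted from any server's access log. The following is an added example, not part of the original article: it scans Apache Common Log Format lines for a request target containing a long run of the letter 'N' and counts hits per source host. The sample lines, the placeholder path, the 100-character threshold and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Apache Common Log Format: host ident user [time] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')
MIN_RUN = 100  # assumed threshold: shortest run of 'N' treated as overflow padding
N_RUN_RE = re.compile(r"N{%d,}" % MIN_RUN)


def parse_line(line):
    """Return (host, timestamp, request, status), or None for a malformed line."""
    m = LOG_RE.match(line)
    return (m.group(1), m.group(2), m.group(3), int(m.group(4))) if m else None


def is_probe(request):
    """True when the request target carries a long run of repeated 'N'."""
    parts = request.split(" ")
    target = parts[1] if len(parts) >= 2 else request
    return bool(N_RUN_RE.search(target))


def summarize(lines):
    """Count probe requests per source host and count unparseable lines."""
    hits, skipped = Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        if is_probe(rec[2]):
            hits[rec[0]] += 1
    return hits, skipped


# Constructed sample lines: documentation addresses, placeholder path, invented times.
PAD = "N" * 224
SAMPLE = [
    '192.0.2.10 - - [19/Jul/2001:10:01:02 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [19/Jul/2001:10:01:09 +0000] "GET /path-placeholder?' + PAD + ' HTTP/1.0" 404 205',
    '192.0.2.10 - - [19/Jul/2001:10:02:11 +0000] "GET /NNNN.html HTTP/1.0" 404 205',
    'truncated line without fields',
    '203.0.113.5 - - [19/Jul/2001:10:03:40 +0000] "GET /path-placeholder?' + PAD + ' HTTP/1.0" 404 205',
    '198.51.100.7 - - [19/Jul/2001:10:04:55 +0000] "GET /path-placeholder?' + PAD + ' HTTP/1.0" 404 205',
]

if __name__ == "__main__":
    hits, skipped = summarize(SAMPLE)
    print(hits.most_common(), "skipped:", skipped)
```

The short run in `/NNNN.html` stays below the threshold and is not counted, which keeps ordinary URLs from being flagged.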
