Factbites

Topic: Code Red worm


In the News (Wed 23 Dec 09)

  
  Cisco Security Advisory: "Code Red" Worm - Customer Impact   (Site not responding. Last check: 2007-10-20)
The worm does not check for pre-existing infection, so that any given system may be executing as many copies of the worm as have scanned it, with a compounding effect on system and network demand.
A newer variant named Code Red II is known to exploit the same vulnerability as the other Code Red strains, however the effects and damage to the local webserver are different.
The nature of the "Code Red" worm's scan of random IP addresses and the resulting sharp increase in network traffic can noticeably affect Cisco routers running Cisco IOS software, depending on the device, its current configuration, and the topology of the network.
www.cisco.com /warp/public/707/cisco-code-red-worm-pub.shtml   (1783 words)

  
 Cisco - Dealing with mallocfail and High CPU Utilization Resulting From the "Code Red" Worm
When the "Code Red" worm infects a host, it causes the host to begin probing and infecting a random series of IP addresses, which causes a sharp increase in network traffic.
It may not always be possible to run netflow to detect a "Code Red" infestation attempt because you may be running a version of code that does not support netflow, or because the router has insufficient or excessively fragmented memory to enable netflow.
A side note, unrelated to "Code Red", and pertaining to IRB architectures: Since Layer 2 multicast and broadcast packets have to be replicated, there could be a problem with IPX servers running on a broadcast segment that could bring the link down.
www.cisco.com /warp/public/63/ts_codred_worm.shtml   (3295 words)

  
 Howstuffworks "How Computer Viruses Work"
Worms - A worm is a small piece of software that uses computer networks and security holes to replicate itself.
Worms use up computer time and network bandwidth when they are replicating, and they often have some sort of evil intent.
The most common version of Code Red is a variation, typically referred to as a mutated strain, of the original Ida Code Red that replicated itself on July 19, 2001.
computer.howstuffworks.com /virus4.htm   (1221 words)

  
 Crypto-Gram: August 15, 2001
The Code Red worm was programmed to flood www.whitehouse.gov in a massively coordinated distributed denial-of-service attack at 8:00 PM on July 19.
Since the original Code Red attack, there have been several new (and nastier) variants of the worm discovered, predictions of the entire Internet clogging, admonitions for system administrators to patch their IIS systems to prevent the worm's spreading, and reams of columnists trying to make sense of it all.
Code Red ushers in a new form of attack: a preprogrammed worm that unleashes a distributed attack against a predetermined target.
www.schneier.com /crypto-gram-0108.html   (5730 words)

  
 Code Red III Worm   (Site not responding. Last check: 2007-10-20)
Although the new version is capable of causing more damage than the earlier version of the worm, systems which have been protected against earlier versions of Code Red are already protected against this new variant.
There are many conflicting reports of various Code Red versions you may see in the national media which may make you wonder which version is being discussed.
Although the fix that corrected the vulnerability which allowed the original "Code Red" to be spread also prevents attack by the new version, many systems were apparently never updated to protect against the original Code Red worm, and therefore the new version was able to hit over 400,000 servers in less than 24 hours.
www.bsu.edu /security/article/0,1384,39163-5191-11287,00.html   (497 words)

  
 'Code Red' worm exploits Microsoft coding flaw   (Site not responding. Last check: 2007-10-20)
The "Code Red" worm, which has infected almost 150,000 Internet computers since hitting for the second time Tuesday night, couldn't have spread without a Microsoft programming error, experts said yesterday.
Officials had worried yesterday's outbreak would be as crippling as Code Red's first appearance, on July 19, when over 250,000 machines were infected in its first nine hours.
Code Red is programmed to keep trying to infect computers until the 19th of the month.
seattlepi.nwsource.com /business/33622_worm02.shtml   (905 words)

  
 CAIDA : analysis : security : code-red   (Site not responding. Last check: 2007-10-20)
The first version of the worm spread slowly, because each infected machine began to spread the worm by probing machines that were either infected or impregnable.
Although the new worm is completely unrelated to the original Code-Red worm, the source code of the worm contained the string "CodeRedII" which became the name of the new worm.
CAIDA's ongoing analysis of the Code-Red worms includes a detailed analysis of the spread of Code-Red version 2 on July 19, 2001, a follow-up survey of the patch rate of machines infected on July 19th, and dynamic graphs showing the prevalence of Code-Red version 2 and CodeRedII worldwide.
www.caida.org /analysis/security/code-red   (2320 words)

  
 "Code Red" worm claims 12,000 servers | CNET News.com
Known as the "Code Red" worm because of evidence that it may have been launched from China, the self-spreading program infects servers using unpatched versions of Microsoft's Internet Information Server software and defaces the Web sites hosted by the servers.
The worm spreads by selecting 100 IP addresses, scanning the computers associated with them for the hole, and spreading to the vulnerable machines.
Maiffret said that while the addresses of the computers attacked by the worm seem to be random, because the worm uses the same starting point, or "seed," to generate the list, the "random" lists that any two worms generate are identical.
news.com.com /2100-1001-270170.html   (732 words)

  
 On-line Code-Red Worm Self-Test by SecuritySpace
The Code Red Worm is a self-replicating piece of software that infects IIS web servers by exploiting a well-known vulnerability, known as the IIS ISAPI buffer overflow.
The worm, once infecting the host, will perform one of several different actions, depending on the version of the worm involved, the language of the system in use, and the value of the system clock.
Code Red II There are several known variants of the worm in the wild.
www.securityspace.com /smysecure/code_red.html   (447 words)

  
 New variant of Code Red worm found
The same company that discovered the original Code Red worm, which has been wreaking havoc worldwide this week, said late Friday that it has identified a variant of the worm which is harder to track.
The new worm has only had about 13 bytes of code changed from the original, and is employing capabilities that were in the original worm, Maiffret said.
Though the code that enables the new functions of the worm has always been there, Maiffret believes that the new worm is a rerelease of the original, rather than part of a natural progression.
www.networkworld.com /news/2001/0720red.html   (806 words)

  
 Web worm targets White House | CNET News.com
As previously reported, servers infected by the so-called Code Red worm--estimated to be at least 225,000 computers--were scheduled to flood a specific Internet address representing the White House Web site with a deluge of data starting at 5 p.m.
As for the instructions, the Code Red worm was written to flood the Whitehouse.gov site with a massive amount of data, overwhelming it to the point where it could not be accessed.
However, the data flood never occurred because the worm checked for a valid connection before sending data--what could be considered a design flaw on the part of the author.
news.com.com /2100-1001-270272.html   (841 words)

  
 PC World - Code Red Worm Crawls Again
The specific IP address targeted by Code Red, previously occupied by whitehouse.gov, is no longer active.
Code Red, discovered in mid-July, made its biggest splash after infecting more than 300,000 computers worldwide in August.
What some people are calling Code Red III is the same as Code Red II, she says.
www.pcworld.com /news/article/0,aid,58628,00.asp   (775 words)

  
 PC World - Code Red Worm Changes Colors
In addition, Code Blue acts to counter the effects of Code Red by deleting the worm if it is present and changing files to prevent future infections, according to Moscow-based antivirus firm Kaspersky Labs.
Code Red was first discovered in mid-July, but made its biggest splash after infecting hundreds of thousands of computers worldwide in August.
Code Blue is deemed more threatening to users than earlier Code Red variants because, unlike Code Red, Code Blue gradually increases its usage of system resources and, if not stopped, can bring computers running Windows NT or Windows 2000 to a halt, the Kingsoft statement says.
www.pcworld.com /news/article/0,aid,61163,00.asp   (804 words)

  
 CNN.com - 'Code Red' worm 'minimized' -- for now - August 6, 2001
WASHINGTON (CNN) -- Although its threat appears to be abating, the "Code Red" computer worm still has a few twists left and could target vulnerable systems around the world during the next few days, experts said Thursday.
"We are cautiously optimistic that the impact of the infection stage of this particular variant of the Code Red worm...
When the Code Red worm made its debut last month, it swept through 250,000 computers in nine hours, forced the White House to take evasive action and the Pentagon to take its public Web sites off-line temporarily.
www.cnn.com /2001/TECH/internet/08/02/code.red.worm/index.html   (820 words)

  
 Code Red II (computer worm) - Wikipedia, the free encyclopedia
Code Red II is a computer worm similar to the Code Red worm.
Released two weeks after Code Red on August 4, 2001, although similar in behaviour to the original, analysis showed it to be a new worm instead of a variant.
Where the original worm tried to infect other computers at random, Code Red II tried to infect machines on the same subnet as the infected machine.
en.wikipedia.org /wiki/Code_Red_II_(computer_worm)   (189 words)

  
 Full analysis of the Code Red worm   (Site not responding. Last check: 2007-10-20)
code to exploit the .ida attack and uses this worm as its payload.
At this point we are executing the initial code of the worm.
This worm is based off of hsj's "proof of concept" .ida exploit.
www.yale.edu /its/security/alerts/Bugtrac_CodeRed.html   (2979 words)

  
 The Code Red Worm
The worm code executes only in memory and is not written to disk so no residue of the worm will be found by examining the disk.
All 100 threads of the worm code participate in the denial of service attacks which continue until the system is rebooted.
This worm is only in memory on a system and is not written to disk, so simply rebooting a system removes the worm and restores the system.
www.ciac.org /ciac/bulletins/l-117.shtml   (1443 words)

  
 'Code Red II' spreading quickly, causing damage   (Site not responding. Last check: 2007-10-20)
Computers infected with the worm are being used to attack other parts of the Internet, experts said, with the second generation of the virus proving even more malicious and resilient than its predecessor.
He was referring to attacks launched by Code Red which are designed to shut down Web sites by overwhelming them with excessive traffic, prompting a denial of service.
The economic damage caused by the Code Red worms has risen to near $2 billion, up from an estimated $1.2 billion as of a week earlier, according to Computer Economics, a California research company that keeps a tally of computer viruses.
www.usatoday.com /tech/news/2001-08-08-code-red-2.htm   (725 words)

  
 'Code Red' worm exploits Windows NT flaw
A MALICIOUS WORM, named Code Red, that exploits a buffer overflow vulnerability in certain configurations of Microsoft's Windows NT and Windows 2000 operating systems is spreading rapidly over the Internet, according to the CERT Coordination Center (CERT/CC).
Code Red can also initiate "severe denial of service" attacks as it scans non-compromised systems and networks for the IIS Indexing Service DLL buffer overflow vulnerability, CERT/CC said.
Code Red attacks the White House Web site by sending 100 simultaneous connections to its Web server, the NIPC said in a statement, adding the worm was programmed to begin the attack at 0:00 am GMT on July 20.
www.infoworld.com /articles/hn/xml/01/07/20/010720hnworm.html   (921 words)

  
 CERT Advisory CA-2001-19 "Code Red" Worm Exploiting Buffer Overflow In IIS Indexing Service DLL
The "Code Red" worm attempts to connect to TCP port 80 on a randomly chosen host assuming that a web server will be found.
Other worm activity on a compromised machine is time sensitive; different activity occurs based on the date (day of the month) of the system clock.
Furthermore, it is important to note that while the "Code Red" worm appears to merely deface web pages on affected systems and attack other systems, the IIS indexing vulnerability it exploits can be used to execute arbitrary code in the Local System security context.
www.cert.org /advisories/CA-2001-19.html   (1219 words)

  
 Code Red Worm FAQ
A. Code Red is designed to attack the address 198.137.240.91, which was the numeric Internet address for www.whitehouse.gov.
A. Code Red II is a variant on the original worm that creates a backdoor in a server so that a hacker can easily access the server and do damage if he or she chooses.
While this worm is targeted at Web servers on Windows 2000 and Windows NT 4.0 computers, the bulk of home users will not be affected by the worm, however it's a good idea to ensure that you have an anti-virus program installed and up-to-date at all times as new viruses appear every day.
www.cyberwalker.net /faqs/how-tos/code-red-worm.html   (1035 words)

  
 Code Red Worm   (Site not responding. Last check: 2007-10-20)
The Code Red Worm and mutations of the worm pose a continued and serious threat to Internet users.
Users who have deployed software that is vulnerable to the worm (Microsoft IIS Versions 4.0 and 5.0) must install, if they have not done so already, a vital security patch.
Code Red is likely to start spreading again on July 31st, 2001 8:00 PM EDT and has mutated so that it may be even more dangerous.
www.ez-pc.org /bd/ez/codered.asp?printable=yes   (763 words)

  
 Code Red worm propagation modeling and analysis   (Site not responding. Last check: 2007-10-20)
Because the Code Red worm was programmed to stop spreading after 00:00 UTC on July 20th, the infected host number stopped increasing after that time.
It means that the worm on an infected host will keep trying to find and infect other vulnerable ones, which is the case for Code Red worm spreading during July 19th.
We let each worm randomly pick one host in the hosts space to infect at the end of each infection delay time, which is the time of the worm scanning process.
tennis.ecs.umass.edu /~czou/research/codered   (3196 words)

  
 GRC | My Code Red Advisory     (Site not responding. Last check: 2007-10-20)
Unlike the first worm, which reproduces for the first 19 days of the month, or the second worm which cruises around the Internet installing Trojan trap doors into unpatched IIS servers, this third worm launches a localized denial of service "ARP Flood" attack within the "subnets" where it is located.
Note that shutting down the worm on the 20th was nothing *we* (humanity) did.
Since the code *does* call for all worms to shut down PERMANENTLY on and after the 28th (though there's another "one byte switch" waiting in the code to disable that too!), the worm's author may not have intended this worm to continue living...
www.grc.com /codered/codered.htm   (1798 words)

  
 Code Red Worm Set to Return
The Code Red worm was not clever enough to do more than attempt to send packets to a fixed IP address.
The arrival of Code Red and its variant has security experts not only preparing defenses as they would any other computer virus, but also debating how much the public should be told about software vulnerabilities in vendor products.
Although the worm leaves a message stating it originated with Chinese hackers, there is no evidence yet that Code Red came from mainland China.
www.thestandard.com /article/0,1902,28160,00.html   (1004 words)

  
 CERT Advisory CA-2001-23 Continued Threat of the "Code Red" Worm
Different organizations who have analyzed "Code Red" have reached different conclusions about the behavior of infected machines when their system clocks roll over to the next month.
Since the worm is programmed to continue propagating for the first 19 days of the month, widespread denial of service may result due to heavy scan traffic.
With "Code Red," ingress filtering will prevent instances of the worm outside of your network from infecting machines in the local network that are not explicitly authorized to provide public web services.
www.cert.org /advisories/CA-2001-23.html   (1437 words)

  
 Analysis of the new "Code Red II" Variant
In addition, there are reports from Reuters that suggest a second Code Red II infecting China and parts East, but this is almost certainly just very delayed reaction to the released-Saturday Code Red II.
All indications are that this worm has the same infection mechanism as the original Code Red, which means that it exploits the same vulnerability in IIS.
Whether Code Red II will cause @Home and others to clamp down on this violation of their terms and conditions remains to be seen.
www.unixwiz.net /techtips/CodeRedII.html   (2520 words)

  
 Symantec Security Response - CodeRed Worm
Computers that were infected by CodeRed have stopped propagating this worm as of July 28, 2001, due to its logic of going into infinite sleep mode.
The malicious code is not saved as a file, but is inserted into and then run directly from memory.
The code is not saved as a file, but is inserted into and run directly from memory.
www.sarc.com /avcenter/venc/data/codered.worm.html   (1929 words)

Copyright © 2005-2007 www.factbites.com Usage implies agreement with terms.