Overview
The Code Red worm was a computer worm first observed on the Internet on July 13, 2001. It attacked computers running Microsoft's IIS web server. The worm spread itself using a common type of vulnerability known as a buffer overflow. It did this by using a long string of the repeated character 'N' to overflow a buffer, allowing the worm to execute arbitrary code and infect the computer. The worm propagated and infected systems faster than anyone's ability to download and install the necessary corrective patches.
The worm "infected more than 359,000 computers in less than 14 hours and 2,000 new infections per minute occurred during the height of its attack."[1]
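A defender's view of the request pattern described above, as an added example that is not part of the original article: it scans web server access log lines for requests to an Indexing Service resource whose query string holds a long run of one repeated letter, generalizing from 'N' to any filler letter. The `.ida`/`.idq` extensions, the 100-character threshold, the log layout and every sample line are assumptions constructed for illustration.

```python
import re
from collections import Counter

MIN_RUN = 100  # assumed threshold: no ordinary query repeats one letter this often

# Assumed log layout: source address first, request line in double quotes.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+)')
# Assumption: .ida/.idq are the extensions served by the Indexing Service DLL.
INDEXING_EXT = re.compile(r"\.(?:ida|idq)$", re.IGNORECASE)
FILLER = re.compile(r"([A-Za-z])\1{%d,}" % (MIN_RUN - 1))


def classify(line):
    """Return (source, filler_char, run_length) for a suspect line, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    source, target = m.groups()
    path, _, query = target.partition("?")
    if not INDEXING_EXT.search(path):
        return None
    run = FILLER.search(query)
    if not run:
        return None
    return source, run.group(1), len(run.group(0))


def summarize(lines):
    """Count suspect requests per source and return the individual hits."""
    hits = [hit for hit in map(classify, lines) if hit]
    return Counter(source for source, _, _ in hits), hits


# Constructed sample lines (documentation addresses, made-up paths and times).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Jul/2001:14:02:11 +0000] "GET /default.ida?%s HTTP/1.0" 404 205' % ("N" * 200),
    '192.0.2.10 - - [19/Jul/2001:14:02:40 +0000] "GET /default.ida?%s HTTP/1.0" 404 205' % ("N" * 200),
    '198.51.100.7 - - [19/Jul/2001:14:03:02 +0000] "GET /search.idq?%s HTTP/1.0" 404 205' % ("X" * 150),
    '203.0.113.5 - - [19/Jul/2001:14:03:09 +0000] "GET /index.html?%s HTTP/1.0" 200 512' % ("N" * 200),
    '203.0.113.5 - - [19/Jul/2001:14:03:15 +0000] "GET /query.ida?q=report HTTP/1.0" 200 734',
]

if __name__ == "__main__":
    per_source, hits = summarize(SAMPLE_LOG)
    for source, count in per_source.most_common():
        print(source, count)
```

Grouping hits by source address turns the per-request signature into a list of scanning hosts, which is the unit a responder blocks or notifies.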
References
External resources
- CERT® Advisory CA-2001-19 "Code Red" Worm Exploiting Buffer Overflow In IIS Indexing Service DLL (July 19, 2001, revised, Jan. 17, 2002) (full-text).
- CERT® Advisory CA-2001-23 Continued Threat of the "Code Red" Worm (July 26, 2001, revised, Jan. 17, 2002) (full-text).
- CERT® Incident Note IN-2001-10: "Code Red" Worm Crashes IIS 4.0 Servers with URL Redirection Enabled (Aug. 16, 2001) (full-text).
- CERT® Incident Note IN-2001-09: "Code Red II:" Another Worm Exploiting Buffer Overflow In IIS Indexing Service DLL (Aug. 6, 2001) (full-text).