"I think computer viruses should count as life. I think it.."

Friday, July 13, 2012

Code Red Virus

The name Code Red itself sounds like hot red jelly seeds from Jack and the Beanstalk. I mean, frankly speaking, it is a worm that caused possibly billions of dollars of damage in the summer of 2001. The malicious program is very sneaky and stands alone: it uses computer or network resources to make complete copies of itself. If it infects your system or network, it turns your computer into a slave.

That is to say, the malicious program could steal what was on your computer or even use your computer to do bad things. If you were connected to the internet that day, you might well have been infected. The worm runs entirely in memory and cannot be found on the disk. It is about 3,569 bytes long. Since the worm's code is never written to the hard disk (it exists only in memory), rebooting eliminates the infection completely, although an unpatched machine can simply be infected again.

The virus launched itself on computer users in July, infecting up to 300,000 machines before bombarding the White House web site on July 19 with requests that threatened to overload the site's server. Code Red infected between 1 and 2 million computers and resulted in an estimated $2.75 billion in clean-up costs and lost productivity. That is out of a possible 6 million, the number of IIS servers in existence at the time.

It contains the text string "Hacked by Chinese!". The phrase in the payload became an Internet meme indicating an online defeat; sometimes it means being beaten in a game by a less experienced or less skilled player. The phrase was still in use as late as mid-January 2010. Some people believed that the worm originated in Makati City, Philippines (the same origin as the VBS/Loveletter worm).

The defaced web pages strongly suggest that it might have come from China. China was a natural line of inquiry for US investigators, but experts say that could simply be a red herring intended to lead investigators away from the worm's true origin. A Chinese government spokesman said the country had no information about the worm.

The worm's signature in a web server log looks like this (one request line, wrapped here only for display):

GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0
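The request line above is what a defender would hunt for in IIS access logs. The following scanner is an added example written for this post, not code from the original article or from any vendor; it looks for the three traits visible in the signature (a request for /default.ida, a long run of one repeated filler character after the "?", and a series of %uXXXX escapes) rather than the exact byte string, so it also generalizes to the variant that used "X" as filler. The log layout, the thresholds FILLER_MIN and ESCAPE_MIN, and the sample lines are all constructed assumptions.

```python
import re
from dataclasses import dataclass

# Hypothetical thresholds (assumptions for this example, not from the post):
FILLER_MIN = 100   # minimum run of one repeated filler character after "?"
ESCAPE_MIN = 4     # minimum number of %uXXXX escapes following the filler

# Group 2 is the single filler character; \2{FILLER_MIN-1,} demands it be
# repeated, so any one-character filler (N, X, ...) is caught.
_SIG = re.compile(
    r"/default\.ida\?(?P<filler>(.)\2{%d,})(?P<rest>.*)" % (FILLER_MIN - 1),
    re.IGNORECASE,
)
_ESCAPE = re.compile(r"%u[0-9a-f]{4}", re.IGNORECASE)


@dataclass
class Hit:
    line_no: int
    client: str
    filler_char: str
    filler_len: int
    escapes: int


def scan_line(line_no, line):
    """Return a Hit if the line carries the Code Red request signature, else None."""
    m = _SIG.search(line)
    if not m:
        return None
    escapes = len(_ESCAPE.findall(m.group("rest")))
    if escapes < ESCAPE_MIN:
        return None
    # Assumed W3C extended layout: date time client-ip method uri-stem ... (constructed)
    fields = line.split()
    client = fields[2] if len(fields) > 2 else "?"
    return Hit(line_no, client, m.group(2), len(m.group("filler")), escapes)


def scan_log(text):
    """Scan a whole log text; returns the list of Hits in line order."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        h = scan_line(n, line)
        if h:
            hits.append(h)
    return hits


# Constructed sample log (not a real capture). The query reproduces the
# escape sequence shown in the post with a 224-character "N" filler.
_CODE_RED_QUERY = (
    "N" * 224
    + "%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801"
    + "%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a"
)
SAMPLE_LOG = "\n".join([
    "2001-07-19 10:02:11 10.0.0.5 GET /index.html - 200",
    "2001-07-19 10:02:13 10.0.0.9 GET /default.ida?" + _CODE_RED_QUERY + " 200",
    "2001-07-19 10:02:15 10.0.0.7 GET /default.ida?" + _CODE_RED_QUERY.replace("N", "X") + " 200",
    "2001-07-19 10:02:20 10.0.0.3 GET /default.ida?a=b 404",
    "2001-07-19 10:02:22 10.0.0.4 GET /default.ida?" + "N" * 30 + " 404",
])

if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.client} filler={h.filler_char}x{h.filler_len} "
              f"escapes={h.escapes}")
```

Matching on structure instead of the literal string is deliberate: a 404 for a short /default.ida request is ordinary noise, while a long single-character filler followed by a run of %u escapes is the shape of the overflow attempt, and a source address that appears in the hits is itself an infected host worth isolating.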


The Code Red worm is a wake-up call. This exploit clearly demonstrates the need to keep machines up to date with security patches. The worm stopped propagating on July 28, 2001 and went into an infinite sleep mode; it cannot be awakened unless deliberately executed.

