CODE RED VIRUS

When was this worm first found?

Why is it called Code Red?

• This virus was first observed on July 13th 2001
• While it was first found on July 13th, the largest group of infected computers was seen on July 19, 2001. On this day, the number of infected hosts reached 359,000

The worm affected many of the people across the globe using Microsoft at that time

• The Code Red worm was first discovered and researched by eEye Digital Security employees Marc Maiffret and Ryan Permeh. They named it "Code Red" because Code Red Mountain Dew was what they were drinking at the time

This is a visualization of the geographic spread of the worm in about 5 minutes

How do you describe this Code Red Worm?

• "Imagine a cold that kills. It spreads rapidly and indiscriminately through droplets in the air, and you think you're absolutely healthy until you begin to sneeze. Your only protection is complete, impossible isolation," says Jane Jorgensen (noted philanthropist and prominent member of the Fort Wayne, Ind., community)

This is the drink the worm was named after

Interesting Facts

What were the main goals of Code Red?

• The cost of this worm reached about $2.6 billion dollars
• The damage of this worm reached $10.7 billion dollars in damage
• It was among the first worms to spread rapidly because it only required a network connection instead of a human opening attachment
• The Code Red worm replicated itself more than 250,000 times in nine hours

Citations

• Replicate itself for the first 20 days of each month
• Replace Web pages on infected servers with a page featuring the message "Hacked by Chinese"
• Launch a concerted attack on the White House Web site in an attempt to overwhelm it

What IS Code Red virus?

• The Code Red worm slowed down Internet traffic when it began to replicate itself, but not nearly as badly as predicted. Each copy of the worm scanned the Internet for Windows NT or Windows 2000 servers that did not have the Microsoft security patch installed. Each time it found an unsecured server, the worm copied itself to that server. The new copy then scanned for other servers to infect. Depending on the number of unsecured servers, a worm could conceivably create hundreds of thousands of copies, which it did.

• Basically this worm found a hole in the Microsoft Software and entered most server and computers using Microsoft at that time

• http://computer.howstuffworks.com/worst-computer-viruses4.htm
• http://www.scientificamerican.com/article/code-red-worm-assault-on/
• http://en.wikipedia.org/wiki/Code_Red_(computer_worm)
• http://www.f-prot.com/virusinfo/descriptions/codered.html

You would see this when you were infected by the Code Red Worm

Interesting Facts (continued)

• CodeRed was deemed by the FBI to be so dangerous that it could bring down the entire Internet due to the increased traffic from the scans
• eEye believed that the worm originated in Makati City, Philippines, but the defaced web pages strongly suggest that it might come from Chin

Code Red Worm