Friday, July 17, 2009

CODE RED VIRUS

The Code Red virus was released on July 13, 2001. It attacked computers running the Microsoft IIS web server. The virus was discovered by Marc Maiffret and Ryan Permeh of eEye Digital Security, who named it after a soft drink (Pepsi's Mountain Dew Code Red).

The virus carried a reference to China: its code contained the phrase “Hacked by Chinese”. About two weeks later, on August 4, 2001, another Code Red virus appeared, Code Red II. It used the same infection process as the first but carried a completely different payload.


Both of these viruses exploited an operating system vulnerability found in Windows 2000 and Windows NT. The weakness was a buffer overflow: the system overwrote memory when the machine exceeded its buffer threshold.

The original Code Red worm initiated a distributed denial of service (DDoS) attack on the White House. All of the computers infected with Code Red contacted the White House’s web servers at the same time, overloading the machines.

Windows 2000 machines were the hardest hit: once infected with the Code Red II worm, these computers would no longer obey the user. This happens because the worm creates a back door into the computer’s operating system, allowing a remote user to gain access and control the machine. The person behind the virus can then gather private data from the user and can also use the infected computer to commit crimes. This means that the victim not only has to face the problems of having an infected computer, but may also have to deal with the hassle of being suspected of committing a crime they didn’t commit.

Windows NT machines, while also vulnerable to Code Red, were not affected as badly. The virus caused web servers to crash more often, but apart from that the effects were not nearly as bad as those experienced by Windows 2000 users. Microsoft released a patch to fix the troublesome security vulnerability. With the patch installed, Code Red could no longer infect the computer, but the patch didn’t remove the virus from already-infected computers; victims had to do that themselves.

Over 400,000 hosts were infected in less than 14 hours after its release, a spread rate of about 2,000 new hosts infected each minute. According to David Moore (from UCSD CSE), 43% of the total infected hosts were in the United States, 11% in Korea, 5% in China and 4% in Taiwan. The .NET top-level domain (TLD) accounted for 19% of the total compromised machines, followed by .COM with 14%, .EDU with 2%, .MIL with 0.04% and .GOV with 0.05%. The cost of the damage reached $1.2 billion for Code Red and $8.7 billion for Code Red II.

There was no news of any action against whoever was responsible. The source was China, but it was difficult to point out who created the virus due to a lack of evidence. The governments on both sides have kept it classified until now.
