Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Code Red - Sixth Anniversary of Internet worm attacks



The Code Red attacks in July and August of 2001 represent one of the first fully automated large-scale security attacks against Windows servers that were not current on their security patches.

A critical security patch was issued by Microsoft on June 18, 2001, and the first Code Red worm surfaced about one month later, on July 13, 2001. It was essentially a reverse engineering of the MS01-033 security patch, built to automatically exploit the Windows NT and 2000 Index Server environment used by IIS 4 and 5. The peak number of infections was around 359,000 by July 19, 2001.

Code Red II was a much more potent attack launched on August 4, 2001.  It was not just another variant of Code Red, as it was a complete redesign and rewrite of the original attack.  Code Red II had a more sophisticated design for randomly calculating IP addresses.

The paradigm presented by both Code Red and Nimda got administrators into the mode of applying patches expeditiously, at least for servers. Still, more lessons were learned about workstation patching when the Blaster worm surfaced in August 2003.

Hopefully, history will not repeat itself, where you simply plug a PC or server into the Internet and get zapped. One of Microsoft's Trustworthy Computing (TWC) improvements helps here: the firewalls in XP SP2 and Vista protect against the potentially malicious traffic that constantly arrives on inbound TCP/IP ports.

A key lesson learned is to constantly monitor the changing landscape of security risks. Something that is completely safe today may not be tomorrow. Finally, I believe that even after six years, Code Red I or II may still be in limited circulation on some of the unpatched servers out there.
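Because the post suggests the worm may still be probing unpatched IIS hosts, one practical check is to scan IIS W3C extended logs for its request signature. The following is an added example written for this page, not code from the post or from Microsoft; it relies on the widely documented fact that both worms sent a GET for /default.ida with a long run of N (Code Red I) or X (Code Red II) in the query string. The log excerpt is constructed, the IP addresses are documentation ranges, and the 20-character threshold is an assumption chosen to ignore short accidental matches.

```python
import re
from collections import Counter

# Constructed IIS 5.0 W3C extended log excerpt (not real traffic).
# Row 1: Code Red I style probe (run of N), row 3: Code Red II style (run of X),
# row 4: a short run that should NOT be flagged.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-07-19 10:02:11 192.0.2.10 GET /default.ida {n}%u9090%u6858%ucbd3 200
2001-07-19 10:02:12 192.0.2.11 GET /index.html - 200
2001-08-04 13:40:05 198.51.100.7 GET /default.ida {x}%u9090%u6858%ucbd3 200
2001-08-04 13:40:06 203.0.113.5 GET /default.ida NNNshort 404
""".format(n="N" * 40, x="X" * 40)

# Assumed threshold: at least 20 repeated filler characters at the start of
# the query. The real worm sent hundreds, so this is deliberately conservative.
PROBE_RE = re.compile(r"^(N{20,}|X{20,})")


def parse_w3c(text):
    """Yield one dict per data row, keyed by the names in the #Fields header."""
    fields = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or fields is None:
            continue  # other directives, or data before any #Fields header
        parts = line.split()
        if len(parts) != len(fields):
            continue  # malformed row; skip rather than misalign columns
        yield dict(zip(fields, parts))


def classify(row):
    """Return the worm variant name if the row looks like a Code Red probe, else None."""
    if row.get("cs-uri-stem", "").lower() != "/default.ida":
        return None
    match = PROBE_RE.match(row.get("cs-uri-query", ""))
    if not match:
        return None
    return "Code Red I" if match.group(1)[0] == "N" else "Code Red II"


def scan(text):
    """Return a list of (client ip, variant) for every flagged request, in log order."""
    hits = []
    for row in parse_w3c(text):
        variant = classify(row)
        if variant:
            hits.append((row["c-ip"], variant))
    return hits


def summarize(text):
    """Count flagged requests per variant, useful for a quick daily report."""
    return Counter(variant for _, variant in scan(text))


if __name__ == "__main__":
    for ip, variant in scan(SAMPLE_LOG):
        print(f"{ip}: {variant} probe")
    print(dict(summarize(SAMPLE_LOG)))
```

A hit only tells you that a source is still scanning; whether the receiving server is vulnerable depends on the MS01-033 patch state, so the flagged source addresses are best fed to a firewall block list while the local patch level is verified separately.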

Wiki Links for Code Red I and II
http://en.wikipedia.org/wiki/Code_Red_%28computer_worm%29
http://en.wikipedia.org/wiki/Code_Red_II_%28computer_worm%29
http://en.wikipedia.org/wiki/Notable_computer_viruses_and_worms#2001

MS01-033 - The key security bulletin exploited by these attacks
http://www.microsoft.com/technet/security/bulletin/MS01-033.mspx

Microsoft MVP Steve Friedl's Excellent Analysis
http://www.unixwiz.net/techtips/CodeRedII.html