Sunday, July 15, 2012

Code Red (computer worm)


This is an animation of the geographic spread of the worm (Code Red virus) at five-minute intervals between midnight on July 19, 2001 and midnight on July 20, 2001.

     Code Red is a computer worm that contains the text string "Hacked by Chinese", which is displayed on the web pages. It can run entirely in memory and cannot be found on the disk. The creator of this worm is unknown, but it is said that the original attacker's address belonged to a server at the University of Foshan in China.

     It was Marc Maiffret and Ryan Permeh who discovered and researched the Code Red virus. They are eEye Digital Security employees, and they named it "Code Red" because they were drinking Code Red Mountain Dew at the time. Code Red was released on July 13, 2001 and was seen on July 19, 2001. More than 359,000 computers were infected with this worm in less than 14 hours on July 19, 2001. As time went on, it was observed that more than 2,000 new hosts were infected each minute.
  • 43% of infected hosts were in the U.S.
  • 11% originated in Korea, followed by:
  • 5% in China
  • 4% in Taiwan
  • The .NET top-level domain accounted for 19%, followed by:
  • 14% in .COM
  • 2% in .EDU
  • 0.04% in .MIL
  • 0.05% in .GOV


Another image, to the right, shows an example of a website infected by the Code Red virus.

     This virus spreads by exploiting a common type of vulnerability called a "buffer overflow", using a long string of the repeated character 'N' to overflow a buffer. The overflow lets the worm execute arbitrary code and start to infect the machine. The worm tries to create 100 threads or copies of itself, and it may create many more because of a bug in its code.

     Just imagine: the first image is a picture of the computers infected in 5 minutes. What about the following hours, days and weeks? However, a senior security engineer, Kenneth D. Eichman, was able to block this virus. At first he was not totally worried about it, but as the days passed, he noticed that it was targeting his company's network.

     The Code Red virus had an extreme effect in the year 2001. It resulted in a number of infected computers that needed to be cleaned. As I observe in the illustration, it involved many computers and many opportunities for the people who made this malware. For them, it is for fun or for personal interest, but I observe that it is too much. Even the official White House website was infected with this computer worm. If I had been there at that time, experiencing how bad the Code Red virus was, I could not imagine how many files and documents were lost and wasted.

     On the other hand, I was thinking: how did they do that? Even secured websites were infected. Then came Code Red II, which appeared on August 4, 2001. Although it was similar to the original Code Red worm, it used a pattern of repeating 'X' characters, unlike the original Code Red, which used the repeated character 'N' to overflow the buffer.
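
As an added example (not part of the original post): a small Python detector that scans web-server access-log lines for the long runs of repeated 'N' or 'X' characters described above and labels them as Code Red or Code Red II. The 100-character threshold, the log format and the sample lines (including the /default.ida path and the documentation-range addresses) are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumption for this example: a legitimate query string never contains
# 100 or more copies of the same character in a row.
MIN_RUN = 100

# Request field of a Common Log Format line: "METHOD URI PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+)(?: HTTP/[\d.]+)?"')
# One character followed by at least MIN_RUN - 1 copies of itself.
RUN_RE = re.compile(r'(.)\1{%d,}' % (MIN_RUN - 1))

# Filler character -> variant, as described in the post.
VARIANTS = {"N": "Code Red", "X": "Code Red II"}

def classify_request(log_line):
    """Return 'Code Red', 'Code Red II', 'unknown-overflow' or None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    # Only the query string (after '?') is inspected for filler runs.
    _, _, query = match.group("uri").partition("?")
    run = RUN_RE.search(query)
    if not run:
        return None
    return VARIANTS.get(run.group(1), "unknown-overflow")

def summarize(lines):
    """Count hits per variant and collect the source address of each hit."""
    hits, sources = Counter(), {}
    for line in lines:
        label = classify_request(line)
        if label:
            hits[label] += 1
            sources.setdefault(label, set()).add(line.split(" ", 1)[0])
    return hits, sources

# Constructed sample log lines; not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Jul/2001:14:02:11 +0000] "GET /default.ida?' + "N" * 224 + ' HTTP/1.0" 404 205',
    '198.51.100.7 - - [04/Aug/2001:09:15:42 +0000] "GET /default.ida?' + "X" * 224 + ' HTTP/1.0" 404 205',
    '203.0.113.5 - - [19/Jul/2001:14:02:12 +0000] "GET /index.html?lang=en HTTP/1.0" 200 1043',
    '192.0.2.10 - - [19/Jul/2001:14:03:40 +0000] "GET /default.ida?' + "N" * 224 + ' HTTP/1.0" 404 205',
]

if __name__ == "__main__":
    hits, sources = summarize(SAMPLE_LOG)
    for label, count in hits.items():
        print(label, count, sorted(sources[label]))
```

Because the check keys on the length of the filler run rather than on a fixed request string, a request padded with any other repeated character is still reported, as "unknown-overflow".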

