The Code Red worm was a computer worm first observed on the Internet on July 13, 2001. It attacked computers running Microsoft's IIS web server. The worm spread itself using a common type of vulnerability known as a buffer overflow. It did this by using a long string of the repeated character 'N' to overflow a buffer, allowing the worm to execute arbitrary code and infect the computer. The worm propagated and infected systems faster than anyone's ability to download and install the necessary corrective patches.
External resources Edit
- CERT® Advisory CA-2001-19 "Code Red" Worm Exploiting Buffer Overflow In IIS Indexing Service DLL (July 19, 2001, revised, Jan. 17, 2002) (full-text).
- CERT® Advisory CA-2001-23 Continued Threat of the "Code Red" Worm (July 26, 2001, revised, Jan. 17, 2002) (full-text).
- CERT® Incident Note IN-2001-10: "Code Red" Worm Crashes IIS 4.0 Servers with URL Redirection Enabled (Aug. 16, 2001) (full-text).
- CERT® Incident Note IN-2001-09: "Code Red II:" Another Worm Exploiting Buffer Overflow In IIS Indexing Service DLL (Aug. 6, 2001) (full-text).