Do you know what the Code Red virus is and how it paralyzed the Internet in 2001? The first malware in history laid the foundations for today's malicious software. Understanding it is important for recognizing which concepts are still applied today.
Computer worms date back to 1988, with the birth of the Morris worm, which caused more than a million dollars in repair costs at the time. After that milestone, however, more software of this type would emerge and mark the history of malware development.
In this post, we will talk about one of the best-known computer worms of the early 2000s. Just when the world thought it had seen it all, after the CIH virus, the Melissa virus and the ILOVEYOU worm, came the virus that we present in this article. Below, we explain what the Code Red virus is.
What is the Code Red virus?
The Code Red virus was a computer worm that spread via the Internet in 2001 and cost more than 2.4 billion dollars in repairs. The Code Red worm exploited a buffer overflow vulnerability on Windows internet servers and, in this way, affected 1% of all internet servers at that time.
How does the Code Red virus work?
To explain what the Code Red virus is, we will talk about its propagation method and the malicious tasks it executes on the servers.
Infection
The Code Red virus (2001) was first identified on Friday, July 13, 2001. During the first hours of infection, the thousands of affected servers did not show any symptoms. However, hours later, the virus took down the web pages of the affected servers and replaced them with a message containing the following text:
«Welcome to ****://www.worm.com!»
“Hacked by the Chinese!”
After a few days, the virus would start using the infected servers to execute a distributed denial of service (DDoS) attack targeting an IP address belonging to the White House, with the intention of taking it down. By July 18, the virus had infected more than 100,000 servers. One day later, on July 19, the number of infected servers exceeded 360,000.
The distributed denial of service attack on the White House website was completely unsuccessful, because it was directed at the site's IP address, which was easily changed by government developers. Therefore, it never posed a threat to that page.
Exploit
To understand what the Code Red virus is, it is necessary to know that it was one of the first viruses to exploit a buffer overflow vulnerability on Windows. In fact, this vulnerability had been discovered and patched by Microsoft almost a month before the attack.
A buffer overflow vulnerability is a security flaw that allows an attacker to send enough data to overflow the memory capacity of a server and access other memory sectors of the server. In this way, remote code execution can be carried out in that sector of the computer.
Thus, taking advantage of a buffer overflow vulnerability called MS01-033, the developers of the Code Red virus were able to create malware that self-replicated on internet servers. Once the exploit had executed, Code Red generated 99 random IP addresses and tried to send itself to each of them.
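The unchecked-copy pattern described above, next to a bounds-checked version, as an added example. It is not from the original article and is not the actual IIS code; the handler names, the 64-byte buffer and the sample requests are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define QUERY_MAX 64   /* constructed size of the fixed buffer */

/* Vulnerable pattern: copies the query part of a request path into a
 * fixed stack buffer without checking its length. A query longer than
 * QUERY_MAX - 1 bytes writes past `query` into adjacent stack memory. */
size_t handle_request_unsafe(const char *path)
{
    char query[QUERY_MAX];
    const char *q = strchr(path, '?');
    if (q == NULL)
        return 0;
    strcpy(query, q + 1);            /* no bounds check: overflow */
    return strlen(query);
}

/* Hardened form: measure first, reject oversized input, then copy.
 * Returns the query length, or -1 if the request is rejected. */
long handle_request_safe(const char *path)
{
    char query[QUERY_MAX];
    const char *q = strchr(path, '?');
    if (q == NULL)
        return 0;
    size_t len = strlen(q + 1);
    if (len >= sizeof query)         /* would not fit with the NUL */
        return -1;
    memcpy(query, q + 1, len + 1);   /* len + 1 copies the terminator */
    return (long)len;
}

int main(void)
{
    /* Constructed inputs: one ordinary request, one oversized query. */
    char big[512] = "/page?";
    memset(big + 6, 'A', 400);

    printf("normal, safe:    %ld\n", handle_request_safe("/page?id=42"));
    printf("oversized, safe: %ld\n", handle_request_safe(big));
    /* handle_request_unsafe(big) is deliberately not called: it is
     * undefined behaviour and would corrupt the stack. */
    printf("normal, unsafe:  %zu\n", handle_request_unsafe("/page?id=42"));
    return 0;
}
```

The hardened handler rejects the oversized request outright instead of truncating it, so a malformed request never reaches later processing in a half-copied state.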
How was the Code Red virus stopped?
We have already seen what the Code Red virus is and how it works. Now, we will talk about how the attack was stopped.
Some analysts claim that the Code Red virus had a positive impact on cybersecurity, since it revealed a new method of propagation without causing so much damage to computers. A computer infected with this virus could be repaired with a simple system reboot.
Furthermore, it is worth remembering that the distributed denial of service attack on the White House was a real failure. For this reason, this virus is considered to have had mild consequences for its victims and to have been a great learning experience for computer researchers.
The Code Red virus was only active for a month, because by the end of August 2001 the patch for the MS01-033 vulnerability had already been applied to most of the affected servers. In this way, the Code Red virus became a computer worm with high levels of propagation, but one that caused only slight damage to systems.