Thursday, November 19, 2015

Code red

WHAT TYPE OF MALWARE IS IT?

CodeRed is a worm that caused possibly billions of dollars in damage in the summer of 2001. It contains the text string "Hacked by Chinese!", which is displayed on web pages that the worm defaces. It is also one of the few worms able to run entirely in memory, leaving no files on the hard drive or any other permanent storage.



WHEN DID IT APPEAR?
The Code Red worm was first discovered and researched by eEye Digital Security employees Marc Maiffret and Ryan Permeh. They named it "Code Red" because Code Red Mountain Dew was what they were drinking at the time.



HOW MANY COMPUTERS WERE AFFECTED?

Although the worm had been released on July 13, the largest group of infected computers was seen on July 19, 2001. On this day, the number of infected hosts reached 359,000.



HOW DID IT WORK?
The worm exploited a vulnerability in the indexing software distributed with IIS, described in Microsoft Security Bulletin MS01-033, for which a patch had been available a month earlier.
The worm spread itself using a common type of vulnerability known as a buffer overflow. It did this by using a long string of the repeated letter 'N' to overflow a buffer, allowing the worm to execute arbitrary code and infect the machine. Kenneth D. Eichman was the first to discover how to block it, and was invited to the White House for his discovery.
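
A long run of one repeated character in a request is something a defender can search for in web server access logs. The following Python code is an added example, not part of the original post: it flags requests whose query string contains such a run. The 64-character threshold, the Common Log Format layout and the sample lines (including the `/default.ida` path, the run length and the documentation-range IP addresses) are assumptions constructed for illustration.

```python
import re
from itertools import groupby
from urllib.parse import urlsplit

# Assumed threshold: ordinary query strings rarely repeat one character 64 times.
MIN_RUN = 64

# Client address and request line of a Common Log Format entry (assumed format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<uri>\S+)[^"]*"')

# Constructed sample log lines; addresses, path and run length are illustrative.
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Jul/2001:10:01:02 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [19/Jul/2001:10:01:05 +0000] "GET /default.ida?'
    + "N" * 200 + ' HTTP/1.0" 200 -',
    '192.0.2.33 - - [19/Jul/2001:10:01:09 +0000] "GET /search?q=NNNN HTTP/1.0" 200 512',
]


def longest_run(text):
    """Return (char, length) of the longest run of one repeated character."""
    best = ("", 0)
    for ch, group in groupby(text):
        length = sum(1 for _ in group)
        if length > best[1]:
            best = (ch, length)
    return best


def suspicious_requests(lines, min_run=MIN_RUN):
    """Return (client_ip, path, repeated_char, run_length) for each flagged line."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue  # skip lines that are not parseable access-log entries
        parts = urlsplit(match.group("uri"))
        ch, length = longest_run(parts.query)
        if length >= min_run:
            hits.append((match.group("ip"), parts.path, ch, length))
    return hits


if __name__ == "__main__":
    for ip, path, ch, n in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} requested {path} with {n} x {ch!r} in the query string")
```

The short `q=NNNN` request in the sample stays below the threshold, which shows why the run length, not the character itself, is the signal.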



HOW WAS IT FIXED?


It was a fixed randomizer that will attempt all possible IP addresses except those that begin with the 127 or 224 octet. (An octet is an Internet term for a unit of data containing exactly eight bits.) It also does not change the default web page and it does not try to use the old www.whitehouse.gov IP address.


