Code Red - Sixth Anniversary of Internet worm attacks
The Code Red attacks in July and August of 2001 represent one of the first completely automated major security attacks for Windows servers
that were not completely up-to-date on security patches.
A critical security patch was issued by Microsoft on June 18, 2001 and the 1st Code Red worm surfaced about one month later on July 13, 2001. It was essentially a reverse engineering of the MS01-033 security patch to automatically manipulate the Windows NT and 2000 Index Server environment used by IIS 4 and 5. The peak number of infections was around 359,000 by July 19, 2001.Code Red II was a much more potent attack launched on August 4, 2001
. It was not just another variant of Code Red, as it was a complete redesign and rewrite of the original attack. Code Red II had a more sophisticated design for randomly calculating IP addresses. The paradigmn presented by both Code Red and Nimda got administrators into the mode of applying patches expeditiously
, at least for servers. Still, more lessons were learned about workstation patching when the Blaster worm surfaced in August 2003.
Hopefully, history will not repeat itself where you simply plug a PC/server into the Internet and you get zapped. One of Microsoft's TWC improvements helps here with XP SP2 and Vista's firewalls that help protect against potentially malicious traffic that constantly surfaces on inbound TCP/IP ports. A key lesson learned is to constantly monitor the changing landscape associated with security risks
. Something that's completely safe today may not be tomorrow. Finally I believe even after six years, that Code Red I or II may still yet reside in limited circulation on some of the unpatched servers out there. Wiki Links for Code Red I and IIhttp://en.wikipedia.org/wiki/Code_Red_%28computer_worm%29http://en.wikipedia.org/wiki/Code_Red_II_%28computer_worm%29http://en.wikipedia.org/wiki/Notable_compu..._and_worms#2001MS01-033 - The key security bulletin exploited by these attackshttp://www.microsoft.com/technet/security/...n/MS01-033.mspxMicrosoft MVP Steve Friedl's Excellent Analysis http://www.unixwiz.net/techtips/CodeRedII.html