Tech Time Warp: Worm named Code Red wakes users up to security risks

In this week’s tech time warp we look at how, following a month of DDoS attacks and security bulletins—including an attack on whitehouse.gov—computer users were on high alert Aug. 1, 2001, as they waited to see whether the Code Red Worm would reappear to wreak more havoc.

The virus’ name was a reference to Mountain Dew Code Red, which security experts Marc Maiffret and Ryan Permeh were drinking when they first detected the backdoor worm. Targeting computers that ran Windows NT or Windows 2000 and used Microsoft IIS web server software, versions 4.0 or 5.0, Code Red kept a strict schedule. On days 1–19 of the month, Code Red scanned the Internet, looking for other vulnerable computers to infect. From day 20 to 27, the malware conducted a denial of service, or DDoS, attack on a specific website. Then, from day 27 until the end of the month, Code Red took a break, lulling computer users into a sense of security. Infected web servers displayed web pages with the message “HELLO! Welcome to http://www.worm.com! Hacked by Chinese.”

No one was sure what to expect Aug. 1, but the threat did not materialize. Perhaps picking such a high-profile target in mid-July hastened Code Red’s demise; the White House thwarted the DDoS attack by redirecting the onslaught of incoming traffic to a different server. Microsoft was not so lucky: One of its web pages, www.windowsupdate.microsoft.com domain, was hacked by Code Red. Microsoft did succeed in releasing the widely adopted security patch that prevented Code Red from inconveniencing more computer users.

The original attack came from a server at a university in China, though computers in China were also affected.

Did you enjoy this installation of SmarterMSP’s Tech Time Warp? Check out others here.

Photo: Graphic Compressor / Shutterstock