Beginner
2001

Code Red

Target: Microsoft IIS Web Servers
Impact: Global Web Defacement

Operational Briefing

A legendary worm that infected 359,000 servers in less than 14 hours. It defaced websites with "HACKED BY CHINESE!" and launched attacks on the White House.

The Full Story

Code Red was a computer worm observed on the Internet on July 15, 2001. It attacked computers running Microsoft's IIS web server. It was famous for defacing websites and attempting to launch a coordinated DDoS attack on the White House website.

Technical Analysis

Buffer Overflow

  • Vector: Exploited a buffer overflow in the IDQ indexing service component shipped with IIS.
  • Payload: Resided entirely in memory and wrote nothing to disk (fileless), so it did not survive a reboot and left no file artifacts to scan for.
  • Behavior: Branched on the day of the month. Days 1-19: scan for and infect further hosts. Days 20-27: flood the White House IP address.
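As an added defensive example (not code from the page or from any analysis of the worm itself), the script below flags Code Red-style probes in IIS W3C logs and tags each hit with the worm phase the page's day-of-month logic predicts for that date. It assumes the widely documented request shape (a GET for default.ida whose query opens with a long run of one repeated filler byte followed by %u-encoded bytes); the log lines, the 100-byte filler threshold and the abridged payload fragment are constructed for the demonstration.

```python
import re
from datetime import date

# Constructed IIS W3C-style log lines (not real captures). Field order:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
# The %u fragment after the filler is abridged; real probes carry more.
PAYLOAD_FRAGMENT = "%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u8190%u00c3=a"
SAMPLE_LOG = [
    f"2001-07-19 10:02:11 192.0.2.10 GET /default.ida {'N' * 224}{PAYLOAD_FRAGMENT} 200",
    "2001-07-19 10:02:15 192.0.2.20 GET /index.html - 200",
    f"2001-07-19 10:03:40 198.51.100.7 GET /default.ida {'X' * 224}{PAYLOAD_FRAGMENT} 404",
    "2001-07-19 10:04:02 192.0.2.30 GET /default.ida hello 200",
    "2001-07-19 10:05:00 192.0.2.40 GET /scripts/search.idq q=report 200",
]

# Probe signature: a query that starts with 100+ copies of one byte (the
# overflow filler) and later contains %u-encoded data. The 100-byte threshold
# is a detection assumption chosen so ordinary queries do not match.
PROBE_RE = re.compile(r"^(.)\1{99,}.*%u[0-9a-f]{4}", re.IGNORECASE)


def parse_iis_line(line):
    """Split one W3C log line into a dict; returns None for short/malformed lines."""
    parts = line.split()
    if len(parts) < 7:
        return None
    d, t, ip, method, stem, query, status = parts[:7]
    return {"date": date.fromisoformat(d), "time": t, "c_ip": ip,
            "method": method, "stem": stem, "query": query, "status": status}


def worm_phase(day):
    """Phase the worm would be in on a calendar date, per the day-of-month rule above."""
    dom = day.day
    if 1 <= dom <= 19:
        return "spread"
    if 20 <= dom <= 27:
        return "ddos"
    return "no documented activity"


def detect_code_red_probes(lines):
    """Return the parsed records of requests that look like Code Red probes."""
    hits = []
    for line in lines:
        rec = parse_iis_line(line)
        if rec is None or not rec["stem"].lower().endswith("/default.ida"):
            continue
        m = PROBE_RE.match(rec["query"])
        if m:
            rec["filler"] = m.group(1).upper()   # repeated byte used as filler
            rec["phase"] = worm_phase(rec["date"])
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for h in detect_code_red_probes(SAMPLE_LOG):
        print(f"{h['date']} {h['c_ip']} probe (filler {h['filler']!r}, "
              f"worm phase on that date: {h['phase']})")
```

Because the worm held no file on disk, web server logs like these are often the only durable artifact of an infection attempt; the source address of a probe is itself an already-infected host, which is what makes the phase annotation useful when scoping an incident.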


Event Timeline

June 2001
Microsoft releases patch for IDQ vulnerability.
July 15, 2001
Code Red I released.
July 19, 2001
Code Red infects 359,000 hosts in 14 hours.
Tags: Worm, Buffer Overflow, IIS