Week 4: Essay 4.1
Malicious Code Attack
Harold Streat Jr (15813476)
NT2580: Introduction to Information Security
March 2, 2014
The Code Red virus didn't kill the Internet, but it did prove that there is a long way to go in the war against cyber-attacks, and, if the future is anything like the past, it is a war the good guys will never win (Burnett & Gomez, 2001).
The Code Red worm is one example where knowledge of emerging vulnerabilities, implementation of security patches, and overall watchfulness of network activity could have saved many systems from falling prey to a well-publicized attack (Burnett & Gomez, 2001).
The Code Red or Red Wiggler Worm, as it was known, was a self-replicating program designed to consume
The worm began by scanning networks to identify hosts running IIS and accepting connections on TCP port 80. Once a valid host was found, the worm attempted to exploit a buffer overflow vulnerability in the IIS Indexing Service. When it was successful, it replicated itself on the infected server and began scanning for more hosts to infect (Burnett & Gomez, 2001).
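The watchfulness the essay calls for can be made concrete with a log check for the probe described above. The following is an added example, not code from the essay or its source; it runs over constructed IIS-style access log lines and assumes the publicly documented shape of the worm's request (a GET to the Indexing Service ISAPI extension, `.ida`, padded with a long run of one character), which the essay itself does not spell out.

```python
import re
from collections import Counter

# Constructed IIS-style access log lines (not from the essay). Fields:
#   time client_ip method uri_stem uri_query status
# The worm's probe sent a GET for the Indexing Service ISAPI (.ida) padded
# with a long run of one character to overflow the buffer. The real request
# carried an encoded payload after the padding; that part is omitted here.
PADDING = "N" * 224
SAMPLE_LOG = "\n".join([
    "2001-07-19T10:01:02 10.0.0.5 GET /index.html - 200",
    f"2001-07-19T10:01:05 192.0.2.44 GET /default.ida {PADDING} 200",
    "2001-07-19T10:01:06 10.0.0.7 GET /default.ida q=hello 200",
    f"2001-07-19T10:01:09 198.51.100.9 GET /default.ida {PADDING} 404",
    f"2001-07-19T10:02:11 192.0.2.44 GET /scripts/a.idq {'X' * 180} 200",
])

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\d{3})$")
RUN_RE = re.compile(r"(.)\1{99,}")   # 100 or more repeats of one character
INDEXING_EXT = (".ida", ".idq")      # extensions handled by the Indexing Service ISAPI

def parse_line(line):
    """Split one log line into a record; return None for lines that do not fit."""
    m = LINE_RE.match(line)
    if not m:
        return None
    t, ip, method, stem, query, status = m.groups()
    return {"time": t, "ip": ip, "method": method, "stem": stem.lower(),
            "query": "" if query == "-" else query, "status": int(status)}

def is_code_red_probe(rec):
    """Indexing Service target plus overflow-style padding in the query string."""
    return rec["stem"].endswith(INDEXING_EXT) and bool(RUN_RE.search(rec["query"]))

def find_probes(log_text):
    """Return (client_ip, uri_stem, status) for every flagged request, in log order.
    The status lets an analyst separate servers that answered the probe from
    those that rejected it (e.g. after the .ida mapping was removed)."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_code_red_probe(rec):
            hits.append((rec["ip"], rec["stem"], rec["status"]))
    return hits

def probes_by_source(log_text):
    """Count flagged requests per client; repeat sources are the worm's scanners."""
    return Counter(ip for ip, _, _ in find_probes(log_text))

if __name__ == "__main__":
    for ip, n in probes_by_source(SAMPLE_LOG).most_common():
        print(f"{ip}: {n} probe(s)")
```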
The original worm defaced web sites while simultaneously attacking hosts. What may have contributed to the infamy of the worm, and caught the attention of the US government, was that the Code Red worm was programmed to attack the IP address for the White House from all sites it managed to infect. The White House avoided the potential denial-of-service attack by changing the IP address of its site, but this was not without significant effort on the part of many security professionals to identify the attack and reconfigure systems with the new IP address. The worm successfully debilitated a substantial number of systems despite alarmist reports from government and private industry sources that spread quickly into mainstream media. Interestingly, hundreds of thousands of systems were infected although a patch (a software fix) was made available to remove the security hole a few months before the worm became widespread. The fact that the attack was successful even though a patch had been available for a while is an example of the current time gap that exists between the dissemination of security information by vendors and security experts and the actual enforcement of the suggested security measures in the real world (Burnett & Gomez, 2001).
Burnett, M., & Gomez, C. (2001). When Code Red Attacks: Addressing Vulnerabilities Behind Virus Hysteria. http://www.isaca.org/Journal/Past-Issues/2001/Volume-6/Pages/When-Code-Red-Attacks-Addressing-Vulnerabilities-Behind-Virus-Hysteria.aspx