Code Red worm
On July 19, 2001, a computer worm affecting Microsoft's Internet Information Server (IIS) web server was unleashed on the Internet. It soon became known as Code Red, named after the Mountain Dew soft drink by the programmers at eEye who reported it. This worm exploited a vulnerability in the indexing software distributed with IIS and did several things:
- It defaced the affected web site to display:
  - "HELLO! Welcome to http://www.worm.com! Hacked By Chinese" (The last phrase became a stock phrase)
- It tried to spread itself by looking for more IIS servers on the Internet.
- It waited 20-27 days after it was installed to launch denial of service attacks on several fixed IP addresses. The IP address of the White House web server was among those.
- It used the pattern NNNNNNNN...
On August 4, 2001, a variant of the Code Red worm, named Code Red II, appeared. It pseudo-randomly chose targets on the same or different subnets as the infected machines according to a fixed probability distribution, favoring targets on its own subnet more often than not, and it used the pattern XXXXXXXX... instead of NNNNNNNN...
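The N versus X filler described above gives defenders a simple way to tell the two variants apart in web-server access logs. The following Python sketch is an added example, not part of the original article: the log lines, the `/default.ida` request path (taken from public write-ups, not from this page), the 224-character run and the 64-character threshold are all constructed assumptions.

```python
import re

# Filler letters named in the article: N for Code Red, X for Code Red II.
VARIANTS = {"N": "Code Red", "X": "Code Red II"}
MIN_RUN = 64  # assumed threshold: normal query strings do not repeat one letter this long

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')
# The filler run must start the query string, so "?q=NNNN" style parameters do not match.
FILLER = re.compile(r"^(N{%d,}|X{%d,})" % (MIN_RUN, MIN_RUN))

def classify(line):
    """Return (source_host, variant_name) for a probe line, or None otherwise."""
    m = CLF.match(line)
    if not m:
        return None  # malformed or non-CLF line: ignore rather than guess
    host, _time, _method, target, _status = m.groups()
    _, _, query = target.partition("?")
    run = FILLER.match(query)
    if not run:
        return None
    return host, VARIANTS[run.group(1)[0]]

def summarize(lines):
    """Map each variant name to the sorted list of distinct source hosts seen."""
    hits = {}
    for line in lines:
        result = classify(line)
        if result:
            host, variant = result
            hits.setdefault(variant, set()).add(host)
    return {variant: sorted(hosts) for variant, hosts in hits.items()}

# Constructed sample log (documentation IP ranges; request tail after the filler omitted).
SAMPLE = [
    '192.0.2.10 - - [19/Jul/2001:14:02:11 +0000] "GET /default.ida?' + "N" * 224 + '=a HTTP/1.0" 404 205',
    '198.51.100.7 - - [04/Aug/2001:09:30:45 +0000] "GET /default.ida?' + "X" * 224 + '=a HTTP/1.0" 404 205',
    '192.0.2.10 - - [19/Jul/2001:14:05:00 +0000] "GET /default.ida?' + "N" * 224 + '=a HTTP/1.0" 404 205',
    '203.0.113.5 - - [19/Jul/2001:14:06:00 +0000] "GET /search?q=NNNN HTTP/1.0" 200 512',
    '203.0.113.5 - - [19/Jul/2001:14:07:00 +0000] "GET /index.html HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for variant, hosts in summarize(SAMPLE).items():
        print(variant, hosts)
```

Because the check keys on the filler run rather than the request path, repeat probes from one host collapse to a single entry per variant, which makes the output usable as a list of infected sources to notify or block.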