Code-red worm Attack on Computers.

Presentation on theme: "Code-red worm Attack on Computers."— Presentation transcript:

1 Code-red worm Attack on Computers

2 Overview The focus of this presentation will be to research the code-red worm attack. I have created an audit report. My audit report included a detailed technical background and how the threat compromised the target. This is the PowerPoint presentation which is included in the summary of my findings. The essay also focuses on a background and then how the code-worm looked, this PowerPoint presentation and then the conclusion which will follow.

3 Background The code-red worm attack was a malware attack that took place on computers mainly during 2001 (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November). The specific date of the code-red worm attack is July 15, 2001 (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November).

4 Background Cont’d… eEye Digital Security was the first to discover that the code-red worm was spreading across computer systems that ran Microsoft’s IIS web server (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November). The malware is named code-red because the people who discovered it were drinking Code Red Mountain Dew at the time of the code-red worm attack (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November). The code-red worm was released on July 13, 2001 (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November).

5 Background Cont’d… It took six days after that, until July 19, 2001, for the largest number of computers running the Microsoft IIS web server to be affected by the code-red worm (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November). On July 19, 2001, approximately 359,000 computers were attacked with the code-red malware (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November).

6 How the Worm Looked on Computers
The effects of the code-red worm attack would literally destroy the front page of a website (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November). The front page of an affected website would show the following text: "HELLO! Welcome to Hacked By Chinese!" (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November).

7 How the Worm Looked on Computers Cont’d…
On August 4, 2001, Code Red II appeared. Code Red II is a variant of the original Code Red worm. Although it uses the same injection vector, it has a completely different payload. It pseudo-randomly chose targets on the same or different subnets as the infected machines according to a fixed probability distribution, favoring targets on its own subnet more often than not. Additionally, it used a pattern of repeating 'X' characters instead of 'N' characters to overflow the buffer. eEye believed that the worm originated in Makati City, Philippines, the same origin as the VBS/Loveletter (aka "ILOVEYOU") worm (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November). This is exactly how the code-red worm was able to spread so quickly (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November).
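The 'N' versus 'X' padding described above is what lets a defender tell the two variants apart in web server logs. The following is an added example, not part of the original presentation: it assumes a common-log-style access log, uses the `.ida` request path known from public analyses of the worm rather than from this slide, and picks an arbitrary run-length threshold (`MIN_RUN`).

```python
import re

# Constructed sample log lines (not real traffic). The padding runs are
# generated here, and nothing beyond the filler characters is included.
SAMPLE_LOG = [
    '203.0.113.7 - - [19/Jul/2001:14:02:11 +0000] "GET /default.ida?' + "N" * 224 + ' HTTP/1.0" 404 205',
    '198.51.100.23 - - [04/Aug/2001:09:41:55 +0000] "GET /default.ida?' + "X" * 224 + ' HTTP/1.0" 404 205',
    '192.0.2.10 - - [04/Aug/2001:09:42:01 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.44 - - [04/Aug/2001:09:43:17 +0000] "GET /search.ida?q=NNN HTTP/1.0" 200 512',
]

MIN_RUN = 100  # assumed threshold for "long filler run"; tune per environment

# Source address and request URI from a common-log-style line.
REQUEST = re.compile(r'^(?P<src>\S+) .*?"(?:GET|POST|HEAD) (?P<uri>\S+)')
# An .ida query string that opens with MIN_RUN or more copies of one filler character.
PADDING = re.compile(r'(?i:\.ida)\?(?P<fill>[NX])(?P=fill){%d,}' % (MIN_RUN - 1))

VARIANT = {"N": "Code Red", "X": "Code Red II"}


def classify(line):
    """Return (source_ip, variant) for a worm-style request, else None."""
    req = REQUEST.match(line)
    if not req:
        return None
    pad = PADDING.search(req.group("uri"))
    if not pad:
        return None  # ordinary request, or .ida query without the filler run
    return req.group("src"), VARIANT[pad.group("fill")]


def scan(lines):
    """Group the source addresses of matching requests by variant."""
    hits = {}
    for line in lines:
        result = classify(line)
        if result:
            src, variant = result
            hits.setdefault(variant, set()).add(src)
    return hits


if __name__ == "__main__":
    for variant, sources in sorted(scan(SAMPLE_LOG).items()):
        print(variant, sorted(sources))
```

Because Code Red II favors targets on its own subnet, sources that match and sit inside your own address ranges point to infected internal hosts, not only to outside scanning.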

8 Conclusion The focus of this essay was to research the code-red worm attack. I created an audit report. My audit report included a detailed technical background and how the threat compromised the target. A PowerPoint presentation was also included in the summary of my findings. This essay also focused on a background and then how the code-worm looked, the PowerPoint presentation and then the conclusion here.

9 References
Berghel, H. (2001). The code red worm. Communications of the ACM, 44(12).
Cowie, J., Ogielski, A., Premore, B., & Yuan, Y. (2001). Global routing instabilities during Code Red II and Nimda worm propagation.
Kc, G. S., Keromytis, A. D., & Prevelakis, V. (2003, October). Countering code-injection attacks with instruction-set randomization. In Proceedings of the 10th ACM conference on Computer and communications security. ACM.
Long, N., & Thomas, R. (2001). Trends in denial of service attack technology. CERT Coordination Center.
Moore, D., Paxson, V., Savage, S., Shannon, C., Staniford, S., & Weaver, N. (2003). Inside the slammer worm. IEEE Security & Privacy, 99(4).
Moore, D., & Shannon, C. (2002, November). Code-Red: a case study on the spread and victims of an Internet worm. In Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment. ACM.
Weaver, N., Paxson, V., Staniford, S., & Cunningham, R. (2003, October). A taxonomy of computer worms. In Proceedings of the 2003 ACM workshop on Rapid malcode. ACM.
Zou, C. C., Gong, W., & Towsley, D. (2002, November). Code red worm propagation modeling and analysis. In Proceedings of the 9th ACM conference on Computer and communications security. ACM.

