Presentation is loading. Please wait.

Presentation is loading. Please wait.

Code-red worm Attack on Computers.

Published byἩρώδης Γούναρης Modified over 6 years ago

Similar presentations

Presentation on theme: "Code-red worm Attack on Computers."— Presentation transcript:

1 Code-red worm Attack on Computers

2 Overview The focus of this presentation will be to research the code-red worm attack. I have created an audit report. My audit report included a detailed technical background and how the threat compromised the target. This is the Power Point presentation which is included in the summary of my findings. The essay also focuses on a background and then how the code-worm looked, this Power Point presentation and then the conclusion which will follow. The focus of this presentation will be to research the code-red worm attack. I have created an audit report. My audit report included a detailed technical background and how the threat compromised the target. This is the Power Point presentation which is included in the summary of my findings. The essay also focuses on a background and then how the code-worm looked, this Power Point presentation and then the conclusion which will follow.

3 Background The code-red work attack was a malware virus that took place on computers during 2001 mainly (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November). The specific date of the code-red worm attack is July 15, 2001 (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November). The code-red work attack was a malware virus that took place on computers during 2001 mainly (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November). The specific date of the code-red worm attack is July 15, 2001 (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November).

4 Background Cont’d… The company of eEye Digital Security were the first to discover that the code-red worm attack of malware was spreading across the computer systems that ran Microsoft’s IIS web server (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November). The reason why the malware attack is named code-red is because the people who discovered the malware were drinking Code Red Mountain Dew at the time of the code-red worm malware attack (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November). The code-red worm attack was released on July 13, 2001 (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November). The company of eEye Digital Security were the first to discover that the code-red worm attack of malware was spreading across the computer systems that ran Microsoft’s IIS web server (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November). The reason why the malware attack is named code-red is because the people who discovered the malware were drinking Code Red Mountain Dew at the time of the code-red worm malware attack (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November). The code-red worm attack was released on July 13, 2001 (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November).

5 Background Cont’d… It took six days after that on July 19, 2001 for the largest number of computers that were running the Microsoft IIS web server to be affected with the code-red worm malware (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November). On July 19, 2001, the number of computers that were attacked with the code-red malware was approximately 359,000 computers (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November). It took six days after that on July 19, 2001 for the largest number of computers that were running the Microsoft IIS web server to be affected with the code-red worm malware (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November). On July 19, 2001, the number of computers that were attacked with the code-red malware was approximately 359,000 computers (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November).

6 How the Worm Looked on Computers
The effects of the code-red worm attack would literally destroy the front page of a website (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November). What would appear on the front page of a website would be the following. HELLO! Welcome to Hacked By Chinese! (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November). The effects of the code-red worm attack would literally destroy the front page of a website (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November). What would appear on the front page of a website would be the following. HELLO! Welcome to Hacked By Chinese! (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November).

7 How the Worm Looked on Computers Cont’d…
On August 4, 2001, Code Red II appeared. Code Red II is a variant of the original Code Red worm. Although it uses the same injection vector it has a completely different payload. It pseudo-randomly chose targets on the same or different subnets as the infected machines according to a fixed probability distribution, favoring targets on its own subnet more often than not. Additionally, it used the pattern of repeating 'X' characters instead of 'N' characters to overflow the buffer. eEye believed that the worm originated in Makati City, Philippines, the same origin as the VBS/Loveletter (aka "ILOVEYOU") worm. (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November). This is exactly how the code-red worm was able to spread so fast and so quickly (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November). On August 4, 2001, Code Red II appeared. Code Red II is a variant of the original Code Red worm. Although it uses the same injection vector it has a completely different payload. It pseudo-randomly chose targets on the same or different subnets as the infected machines according to a fixed probability distribution, favoring targets on its own subnet more often than not. Additionally, it used the pattern of repeating 'X' characters instead of 'N' characters to overflow the buffer. eEye believed that the worm originated in Makati City, Philippines, the same origin as the VBS/Loveletter (aka "ILOVEYOU") worm. (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November). This is exactly how the code-red worm was able to spread so fast and so quickly (Berghel, 2001; Cowie, Ogielski, Premore & Yuan, 2001; Kc, Keromytis & Prevelakis, 2003, October; Long & Thomas, 2001; Moore, Paxson, Savage, Shannon, Staniford & Weaver, 2003; Moore & Shannon, 2002, November; Weaver, Paxson, Staniford & Cunningham, 2003, October; Zou, Gong & Towsley, 2002, November).

8 Conclusion The focus of this essay was to research the code-red worm attack. I created an audit report. My audit report include detailed technical background and how the threat compromised the target. A Power Point presentation was also included in the summary of my findings. This essay also focused on a background and then how the code-worm looked, the Power Point presentation and then the conclusion here. The focus of this essay was to research the code-red worm attack. I created an audit report. My audit report include detailed technical background and how the threat compromised the target. A Power Point presentation was also included in the summary of my findings. This essay also focused on a background and then how the code-worm looked, the Power Point presentation and then the conclusion here.

9 References Berghel, H. (2001). The code red worm. Communications of the ACM, 44(12), Retrieved from: Cowie, J., Ogielski, A., Premore, B., & Yuan, Y. (2001). Global routing instabilities during Code Red II and Nimda worm propagation. Retrieved from: Kc, G. S., Keromytis, A. D., & Prevelakis, V. (2003, October). Countering code-injection attacks with instruction-set randomization. In Proceedings of the 10th ACM conference on Computer and communications security (pp ). ACM. Retrieved from: Long, N., & Thomas, R. (2001). Trends in denial of service attack technology. CERT Coordination Center. Retrieved from: Moore, D., Paxson, V., Savage, S., Shannon, C., Staniford, S., & Weaver, N. (2003). Inside the slammer worm. IEEE Security & Privacy, 99(4), Moore, D., & Shannon, C. (2002, November). Code-Red: a case study on the spread and victims of an Internet worm. In Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment (pp ). ACM. Retrieved from: Weaver, N., Paxson, V., Staniford, S., & Cunningham, R. (2003, October). A taxonomy of computer worms. In Proceedings of the 2003 ACM workshop on Rapid malcode (pp ). ACM. Retrieved from: Zou, C. C., Gong, W., & Towsley, D. (2002, November). Code red worm propagation modeling and analysis. In Proceedings of the 9th ACM conference on Computer and communications security (pp ). ACM. Retrieved from: Berghel, H. (2001). The code red worm. Communications of the ACM, 44(12), Retrieved from: Cowie, J., Ogielski, A., Premore, B., & Yuan, Y. (2001). Global routing instabilities during Code Red II and Nimda worm propagation. Retrieved from: Kc, G. S., Keromytis, A. D., & Prevelakis, V. (2003, October). Countering code-injection attacks with instruction-set randomization. In Proceedings of the 10th ACM conference on Computer and communications security (pp ). ACM. Retrieved from: Long, N., & Thomas, R. (2001). Trends in denial of service attack technology. CERT Coordination Center. Retrieved from: Moore, D., Paxson, V., Savage, S., Shannon, C., Staniford, S., & Weaver, N. (2003). Inside the slammer worm. IEEE Security & Privacy, 99(4), Moore, D., & Shannon, C. (2002, November). Code-Red: a case study on the spread and victims of an Internet worm. In Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment (pp ). ACM. Retrieved from: Weaver, N., Paxson, V., Staniford, S., & Cunningham, R. (2003, October). A taxonomy of computer worms. In Proceedings of the 2003 ACM workshop on Rapid malcode (pp ). ACM. Retrieved from: Zou, C. C., Gong, W., & Towsley, D. (2002, November). Code red worm propagation modeling and analysis. In Proceedings of the 9th ACM conference on Computer and communications security (pp ). ACM. Retrieved from:

Download ppt "Code-red worm Attack on Computers."

Similar presentations

(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008.

(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008.
Computer Science CSC 405Dr. Peng Ning1 CSC 405 Introduction to Computer Security Topic 3. Program Security -- Part I.

Computer Science CSC 405Dr. Peng Ning1 CSC 405 Introduction to Computer Security Topic 3. Program Security -- Part I.
Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.

Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.
By Hiranmayi Pai Neeraj Jain

By Hiranmayi Pai Neeraj Jain
The development of Internet A cow was lost in Jan 14th 2003. If you know where it is, please contact with me. My QQ number is 87881405. QQ is one of the.

The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.
MOSQUITO BREEDING ATTACK: Spread of bots using Peer To Peer INSTRUCTOR: Dr.Cliff Zou PRESENTED BY : BHARAT SOUNDARARAJAN & AMIT SHRIVATSAVA.

MOSQUITO BREEDING ATTACK: Spread of bots using Peer To Peer INSTRUCTOR: Dr.Cliff Zou PRESENTED BY : BHARAT SOUNDARARAJAN & AMIT SHRIVATSAVA.
 Population: N=100,000  Scan rate  = 4000/sec, Initially infected: I 0 =10  Monitored IP space 2 20, Monitoring interval:  = 1 second Infected hosts.

 Population: N=100,000  Scan rate  = 4000/sec, Initially infected: I 0 =10  Monitored IP space 2 20, Monitoring interval:  = 1 second Infected hosts.
 Well-publicized worms  Worm propagation curve  Scanning strategies (uniform, permutation, hitlist, subnet) 1.

 Well-publicized worms  Worm propagation curve  Scanning strategies (uniform, permutation, hitlist, subnet) 1.
Worm Defenses Zach Lovelady and Nick Oliver cs239 – Network Security – Spr2003.

Worm Defenses Zach Lovelady and Nick Oliver cs239 – Network Security – Spr2003.
Welcome to EECS 354 Network Penetration and Security.

Welcome to EECS 354 Network Penetration and Security.
Welcome to EECS 450 Internet Security. Why Internet Security The past decade has seen an explosion in the concern for the security of information –Malicious.

Welcome to EECS 450 Internet Security. Why Internet Security The past decade has seen an explosion in the concern for the security of information –Malicious.
Welcome to EECS 450 Internet Security. 2 Why Internet Security The past decade has seen an explosion in the concern for the security of information –Malicious.

Welcome to EECS 450 Internet Security. 2 Why Internet Security The past decade has seen an explosion in the concern for the security of information –Malicious.
Internet Worms - A Quick Overview Presented By : Sumitha Bhandarkar Presented On : 04.08.03.

Internet Worms - A Quick Overview Presented By : Sumitha Bhandarkar Presented On :
How to Own the Internet in your spare time Ashish Gupta Network Security April 2004.

How to Own the Internet in your spare time Ashish Gupta Network Security April 2004.
100% Security “ The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete.

100% Security “ The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete.
3/30/2005 Auburn University Information Assurance Lab 1 Simulating Secure Overlay Services.

3/30/2005 Auburn University Information Assurance Lab 1 Simulating Secure Overlay Services.
1 The Spread of the Sapphire/Slammer Worm D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, N. Weaver Presented by Stefan Birrer.

1 The Spread of the Sapphire/Slammer Worm D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, N. Weaver Presented by Stefan Birrer.
Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.

Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.
A Study of Mass- mailing Worms By Cynthia Wong, Stan Bielski, Jonathan M. McCune, and Chenxi Wang, Carnegie Mellon University, 2004 Presented by Allen.

A Study of Mass- mailing Worms By Cynthia Wong, Stan Bielski, Jonathan M. McCune, and Chenxi Wang, Carnegie Mellon University, 2004 Presented by Allen.
1 Internet Security Threat Report X Internet Security Threat Report VI Figure 1.Distribution Of Attacks Targeting Web Browsers.

1 Internet Security Threat Report X Internet Security Threat Report VI Figure 1.Distribution Of Attacks Targeting Web Browsers.

Similar presentations

Ads by Google