The Code Red Worm

In July of 2001, a buffer overflow exploit for the Internet Server
Application Programming Interface (ISAPI) filter of Microsoft’s IIS was
transformed into an automated program called a worm. The worm
attacked IIS systems, exploited the hole, then used the compromised
system to attack other IIS systems. The worm was designed to do two
things, the first of which was to deface the Web page of the system it
had infected. The second function of the worm was to coordinate a
DDoS attack against the White House. The worm ended up failing,
missing its target, mostly due to quick thinking of White House IT staff.
The effects of the worm were not limited to vulnerable Windows
systems, or the White House. The attack cluttered logs of HTTP servers
not vulnerable to the attack, and was found to affect Cisco digital subscriber
line (DSL) routers in a special way. Cisco DSL routers with the Web
administration interface enabled were prone to become unstable and
crash when the worm attacked them, creating a DoS. This left users of
Qwest, as well as some other major Internet service providers, without
access at the height of the worm, due to the sheer volume of scanning.

0 comments: