
Code Red Worm – Throwback Tech Thursday

This week in tech history, many notable events occurred. In July 1962, the first international communications satellite, Telstar I, was launched into orbit. On July 9, 1981, Nintendo launched Donkey Kong and Mario (funnily enough, these were designed to mirror Popeye and Bluto). And in July 1936, the patents for the Phillips-head screwdriver were issued. Groundbreaking as all of these were, we have decided to look at another event for this week’s Throwback Tech Thursday. This week, we talk about the Code Red Worm, a worm that threatened to slow down the internet.

What is a worm in computer terms?

A computer worm is a malware program that is able to copy itself and spread to other computers. In many cases, it uses a computer network to spread, thus allowing it to go further. Its favourite targets are unprotected computers. Worms spread and do their harm through networks, which makes them slightly different from a virus, which aims to corrupt computers by inserting itself into a file or an executable program and requires users to transfer files rather than spreading over networks.

According to Wikipedia, the term “worm” came from the John Brunner novel, The Shockwave Rider, in 1975. “In that novel, Nichlas Haflinger designs and sets off a data-gathering worm in an act of revenge against the powerful men who run a national electronic information web that induces mass conformity.”

Worms are designed to spread and clog up networks. However, a worm with extra code, or a payload, can often do more damage. They’re capable of deleting files on host systems, encrypting files, or taking data. Often, worms can create backdoors that allow computers to be remotely accessed.

The Code Red Worm

The Code Red worm was released to the internet during this week in 2001. The main target of the worm was the Microsoft IIS web server. According to Nicholas Weaver’s piece, A Brief History of The Worm, “Code Red, demonstrated how swiftly a relatively simple worm can spread on the current Internet infrastructure: it effectively achieved complete infection in a little over twelve hours, even with the aborted early release of a buggy version. Code Red exploited a recently discovered (but patchable) buffer overflow attack in Microsoft’s Internet Information Server. It spread far and fast because of the ‘on by default’ nature of IIS with many versions of Windows NT and 2000.”

Wikipedia tells us that “the Code Red worm was first discovered and researched by eEye Digital Security employees Marc Maiffret and Ryan Permeh, the Code Red worm exploited a vulnerability discovered by Riley Hassell.” Furthermore, it was called “code red” because, apparently, they were drinking Code Red Mountain Dew when they discovered it!

Reaction to the Code Red Worm

According to howstuffworks.com, the first Code Red Worm (there was a Code Red Worm II a couple of months later) initiated a Distributed Denial of Service (DDoS) attack on the White House. All infected computers tried to contact web servers in the White House at the same time. Consequently, the machines in the White House were overloaded. The Malware Wiki tells us that, “If the date is between the 20th and 28th of any month, the worm will send junk data to port 80 on 198.137.240.91, then the IP address of whitehouse.gov (it was changed because of the worm). After the 28th, it goes into an infinite sleep mode and cannot be awakened unless deliberately executed.”
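The date-triggered behaviour quoted above gives defenders a simple network indicator: repeated port-80 traffic from one internal host to 198.137.240.91 on days 20 to 28 of a month. The following is an added example, not code from the article or its sources; the flow-log format, the repeat threshold, the inclusive reading of the date range and the sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

FLOOD_TARGET = ("198.137.240.91", 80)  # address and port quoted in the article
FLOOD_DAYS = range(20, 29)             # 20th..28th, read as inclusive (assumption)
MIN_FLOWS = 3                          # hypothetical threshold: ignore a one-off visit

# Constructed sample flow records: "timestamp src dst dport bytes"
SAMPLE_FLOWS = """\
2001-07-19T23:58:10 10.0.0.5 198.137.240.91 80 412
2001-07-20T00:00:03 10.0.0.5 198.137.240.91 80 100000
2001-07-20T00:00:04 10.0.0.5 198.137.240.91 80 100000
2001-07-20T00:00:05 10.0.0.5 198.137.240.91 80 100000
2001-07-20T09:12:44 10.0.0.9 198.137.240.91 80 530
2001-07-21T11:02:00 10.0.0.7 192.0.2.10 80 900
2001-07-29T00:00:01 10.0.0.5 198.137.240.91 80 100000
truncated record
"""

def parse_flow(line):
    """Return (timestamp, src, dst, dport, bytes), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return (datetime.fromisoformat(parts[0]), parts[1], parts[2],
                int(parts[3]), int(parts[4]))
    except ValueError:
        return None

def suspected_hosts(log_text, min_flows=MIN_FLOWS):
    """Map source host -> (flow count, total bytes) for flood-window traffic."""
    stats = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue  # skip records that cannot be parsed
        ts, src, dst, dport, nbytes = flow
        # Only traffic to the quoted target inside the quoted date window counts.
        if (dst, dport) == FLOOD_TARGET and ts.day in FLOOD_DAYS:
            stats[src][0] += 1
            stats[src][1] += nbytes
    return {s: (n, b) for s, (n, b) in stats.items() if n >= min_flows}

if __name__ == "__main__":
    for host, (flows, nbytes) in suspected_hosts(SAMPLE_FLOWS).items():
        print(f"{host}: {flows} flows, {nbytes} bytes to {FLOOD_TARGET[0]}")
```

Flows to the same address before the 20th or after the 28th are not counted, matching the quoted description that the worm sleeps after the 28th.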

Hysteria – a bit too much

In August 2001, The Guardian reported that the FBI had issued urgent warnings to businesses asking them to protect themselves against this worm. However, many experts like Graham Cluley, from Sophos anti-virus, reckoned that Code Red was overblown, saying, “It’s all been a bit of a damp squib so far. It looks like the soothsayers are the guys with egg on their faces this morning.”

The Guardian also reported that, “Tech news site the Register and virus hoax information site Vmyths both argue that the flood of warning emails, calls to antivirus support lines and general level of hysteria can cause more damage to the internet than the worm itself.”

Who was behind Code Red Worm?

Who created the worm is not entirely clear. However, affected sites in the US displayed a message that read, “HELLO! Welcome to worm.com! Hacked by Chinese”. But the wise among us would wonder if this was a diversion tactic.
