
Code Red

Affected product: Microsoft Internet Information Services

Type: Worm

Estimated date of origin: 2001-07-12

Impact: Worm that spread itself and then launched a DoS attack against server IP addresses, including the White House website.

Recommended action: Patch MS01-033


If I remember correctly, it is the first Internet worm to infect Windows hosts.

The number of infected hosts reached 350+ K.

It used a remote buffer overflow vulnerability that affects all versions of the MS IIS web server.

The first variant of the worm arose on July 12 and a second variant began to spread more rapidly on July 19.

Trivia: The good folks in NZ-NOG were on the conference bridge preparing to blackhole the Code Red traffic by “flushing the traffic down the toilet bowl”, but “toilet bowl” didn’t sound nice… while there was chat about a sink hole opening up north of Auckland and how they happen in Florida… then they started to use the term “sink hole” instead of “toilet bowl”.

It was named “Code Red” after the Code Red Mountain Dew that the researchers were drinking.


CAIDA Analysis of Code-Red

Marc Maiffret Bugtraq post
