Following a month of DDoS attacks and security bulletins, computer users were on high alert Aug. 1, 2001, as they waited to see whether the Code Red Worm would reappear to wreak more havoc.
Targeting computers that ran Windows NT or Windows 2000 and used Microsoft IIS web server software, versions 4.0 or 5.0, the backdoor worm kept a strict schedule. On days 1–19 of the month, Code Red scanned the Internet, looking for other vulnerable computers to infect. From day 20 to 27, the malware conducted a distributed denial-of-service (DDoS) attack on a specific website (during July 2001, the DDoS target was none other than whitehouse.gov). Then, from day 27 until the end of the month, Code Red took a break, lulling computer users into a false sense of security.
“Hacked by Chinese”
Infected web servers displayed web pages with the message “HELLO! Welcome to http://www.worm.com! Hacked by Chinese.”
No one was sure what to expect Aug. 1, but the threat did not materialize. Perhaps picking such a high-profile target hastened Code Red’s demise; the White House thwarted the DDoS attack by redirecting the onslaught of incoming traffic to a different server. Microsoft was not so lucky: One of its web pages, on the www.windowsupdate.microsoft.com domain, was hacked by Code Red. Microsoft did succeed in releasing a widely adopted security patch that prevented Code Red from inconveniencing more computer users.