What is Code Red?

code red computer virus (WORM)

The Code Red worm was first discovered and researched by eEye Digital Security employees Marc Maiffret and Ryan Permeh, the Code Red worm exploited a vulnerability discovered by Riley Hassell. They named it "Code Red" because Code Red Mountain Dew was what they were drinking at the time.


Although the worm had been released on July 13, the largest group of infected computers was seen on July 19, 2001. On this day, the number of infected hosts reached 359,000.


 code red screen


CodeRed is a worm that caused possible billions of dollars of damage in the summer of 2001. It contains the text string "Hacked by Chinese!", which is displayed on web pages that the worm defaces. It is also one of the few worms able to run entirely in memory, leaving no files on the hard drive or any other permanent storage (although some variants do).


Related Articles

PortDoor: New Chinese APT Backdoor Attack Targets Russian Defense SectorLital Asher-Dotan

Lital is a Marketing Team Leader, Storyteller, Technology Marketing Expert. She joined Cybereason as the first marketing hire and built a full marketing department. Specializing in brand building, product marketing, communication and content. Passionate about building ROI-driven marketing teams.


Related Posts

Malicious Life Podcast: Fred Cohen, The Godfather of Computer Viruses [ML B-Side]

Malicious Life Podcast: Fred Cohen, The Godfather of Computer Viruses [ML B-Side]

Dr. Fred Cohen not only introduced the name ‘computer virus’, a term invented by his mentor, Leonard Adelman, but was also the first to analyze computer viruses in a rigorous mathematical way...


Malicious Life Podcast: Andrew Ginter - A 40-Year-Old Backdoor

Malicious Life Podcast: Andrew Ginter - A 40-Year-Old Backdoor

Ken Thompson is a legendary computer scientist who also made a seminal contribution to computer security in 1983 when he described a nifty hack that could allow an attacker to plant almost undetectable malicious code inside a C compiler. Surprisingly, it turns out a very similar hack was also used in the SolarWinds attack - check it out...


APT Group Operating on Behalf of Chinese State Interests: The accumulated evidence such as the infection vector, social engineering style, use of RoyalRoad against similar targets, and other similarities between the newly discovered backdoor sample and other known Chinese APT malware all bear the hallmarks of a threat actor operating on behalf of Chinese state-sponsored interests.


Comments

Post a Comment

Popular posts from this blog

What is a Multipartite Virus

 A multipartite virus is a type of fast-acting malware that attacks a device's boot sector and executable files simultaneously. Multipartite viruses are often considered more problematic than traditional computer viruses due to their ability to spread in multiple ways. They are considered to be much more destructive than other viruses. Multipartite viruses infect computer systems multiple times, at varying times and in order to eradicate the virus it must be purged from the entire system. Failure to do so can result in the system being repeatedly re-infected if all parts of the virus are not eradicated.  The first reported instance of a multipartite virus was in 1989. Ghostball was the name of this particular virus and it targeted the executable files and boot sectors of the computers it infected. However, Ghostball wasn’t able to reach many victims as the internet was fairly new at the time it started spreading. Now with around half of the global population active online, mul...
Read more

What is the KLEZ virus?

 Klez is a worm that spreads via the Internet by attaching itself to mass-mailed emails using SMTP to pass itself along. The worm virus itself is a Windows PE EXE file of about 65Kb in size and is written in Microsoft Visual C++. The subject line of the email carrying the virus payload is randomly selected from a list of possible choices. The email message “From:” field will contain either one of the addresses found in a search of address books and files on the computer or an address taken from a list inside the virus body. When the virus was released, millions of email messages results and were sent around the world. This caused some messaging servers to fail and cripple internal company communications systems. Some claims were made that this virus caused billions of dollars of administrator’s and user’s time in dealing with all the errant messages, recovering failed systems and opportunities lost as a result of the failed communications. Those using GMS Anti-Virus were quickly pr...
Read more

Cryptolocker Virus Definition

 Cryptolocker is a malware threat that gained notoriety over the last years. It is a Trojan horse that infects your computer and then searches for files to encrypt. This includes anything on your hard drives and all connected media — for example, USB memory sticks or any shared network drives. In addition, the malware seeks out files and folders you store in the cloud. Only computers running a version of Windows are susceptible to Cryptolocker; the Trojan does not target Macs. Once your desktop or laptop is infected, files are "locked" using what's known as asymmetric encryption. This method relies on two "keys," one public and one private. Hackers encrypt your data using the public key, but it can only be decrypted using the unique private key they hold. The Cryptolocker virus will display warning screens indicating that your data will be destroyed if you do not pay a ransom to obtain the private key. Common Infection Methods and Risks The most common method of...
Read more