Sunday, July 15, 2012


About the Code Red Virus

How and when did the virus originate?
 The Code Red virus, or worm, was first noticed on July 13, 2001 by Ken Eichman, senior security engineer for the Chemical Abstract Services. The virus attacked almost 1000 websites on different computers, until it was confirmed by Dshield.org, and the next day eEye Digital discovered the virus. Between the 1st and 20th of each month the virus spreads rapidly; between the 20th and 28th of the month, the worm sends junk data to port 80 of 192.137.240.91; and after the 28th it sends a lot of junk data.

Who was responsible for creating and distributing it?
    There is no exact information about who is responsible for creating this virus. eEye said that the virus first originated in Makati City, Philippines. The defaced web page strongly suggests that the virus was from China. There are rumors that Wintermute of the virus-coding group 29A is responsible for this virus, but Wintermute coded a virus called RedCode, which is simply mistaken for CodeRed.

How did the virus work and what effect did it have?
  First, the virus scans the host's port 80. If it is active, it sends a specially constructed HTTP GET request to the victim, attempting to exploit a buffer overflow problem in the Indexing Service. If the second attempt works, the virus automatically installs itself on the victim's system and then sends this message:



 The effect of this virus is that your computer goes into an infinite sleep mode. The virus installs itself on your computer and then makes 100 copies of itself, but because of a bug in its code it creates thousands of copies, as if duplicating itself. The virus checks whether TCP port 80 is active; if not, it sends this kind of message:
     Get /Defualt.ida?NNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNN
%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801
%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3
#u0003%u8b00%u531b%u53ff%u0078%u0000%u00=aHTTP/1.

The worm's payload is the string following the last 'N'. Due to a buffer overflow, a vulnerable host interprets this string as computer instructions, propagating the worm. 
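The request shown above has three traits a web-server administrator can look for in access logs: a target of the Index Server ISAPI extension (.ida or .idq), a very long run of one padding character before the payload, and a series of %uXXXX escapes after it. The following Python inspector is an added example, not code from the original post or from the referenced sites; the sample request lines are constructed, and the thresholds (a 100-byte run and four escapes) are assumptions that a reader would tune for their own logs.

```python
import re
from dataclasses import dataclass

# Request line: METHOD SP path SP HTTP/x.y (method matched case-insensitively,
# since the post's sample shows "Get" rather than "GET").
REQUEST_LINE = re.compile(r"^([A-Za-z]+)\s+(\S+)\s+HTTP/\d\.\d$")
# %uXXXX: the IIS-specific Unicode escape used to carry the payload bytes.
UNICODE_ESC = re.compile(r"%u[0-9a-fA-F]{4}")


@dataclass
class Verdict:
    targets_index_server: bool   # path ends in .ida / .idq
    padding_run: int             # longest run of one repeated character in the query
    unicode_escapes: int         # number of %uXXXX escapes in the query
    suspicious: bool             # overall decision


def inspect_request_line(line: str, run_threshold: int = 100,
                         escape_threshold: int = 4) -> Verdict:
    """Classify a single HTTP request line as Code Red-like or not."""
    m = REQUEST_LINE.match(line.strip())
    if not m:
        return Verdict(False, 0, 0, False)
    path = m.group(2)
    target, _, query = path.partition("?")
    targets_ida = target.lower().endswith((".ida", ".idq"))

    # A character followed by at least (run_threshold - 1) copies of itself.
    run_re = re.compile(r"(.)\1{%d,}" % (run_threshold - 1))
    run = run_re.search(query)
    padding_run = len(run.group(0)) if run else 0

    escapes = len(UNICODE_ESC.findall(query))

    # Only flag when the vulnerable extension is targeted AND the query carries
    # either overflow padding or encoded machine code; a plain ".idq?q=..."
    # search query is legitimate traffic.
    suspicious = targets_ida and (padding_run >= run_threshold
                                  or escapes >= escape_threshold)
    return Verdict(targets_ida, padding_run, escapes, suspicious)


def scan_requests(lines):
    """Return the indices of request lines that look like Code Red attempts."""
    return [i for i, line in enumerate(lines)
            if inspect_request_line(line).suspicious]


# Constructed sample request lines (not real captures).
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.1",
    "GET /default.ida?" + "N" * 224
        + "%u9090%u6858%ucbd3%u7801" * 2
        + "%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0",
    "GET /search.idq?q=hello HTTP/1.0",          # benign Index Server query
    "GET /default.ida?" + "X" * 240 + "%u9090%u9090%u8190%u00c3 HTTP/1.0",  # variant padding
    "POST /upload.asp HTTP/1.1",
]

if __name__ == "__main__":
    for idx in scan_requests(SAMPLE_REQUESTS):
        v = inspect_request_line(SAMPLE_REQUESTS[idx])
        print(f"line {idx}: padding run {v.padding_run}, "
              f"{v.unicode_escapes} %u escapes -> suspicious")
```

The decision deliberately requires the .ida/.idq target plus at least one payload trait, so ordinary Index Server searches are not flagged; on an IIS log you would reassemble the request line from the cs-method, cs-uri-stem and cs-uri-query fields before feeding it in.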

What prosecutions were brought, if any?
  The Code Red virus really affected millions of computers and websites, including Whitehouse.gov. The creator of this virus made a virus that can destroy many computers and trespass on some websites, especially government websites, but somehow we still cannot judge the creator, because we don't know why he/she made this kind of virus. The Chinese have high IQs when it comes to technology; the Chinese are advanced and really great, but some Chinese use their skills in making these kinds of things. So be careful when downloading and sharing files.

References:
http://computer.howstuffworks.com/worst-computer-viruses4.htm
http://www.f-prot.com/virusinfo/descriptions/codered.html