A malicious, self-replicating program known as the Code Red worm targets systems running Microsoft Internet Information Servers (IIS). Several Cisco products are installed on, or provided on, the targeted systems. The worm's behavior can cause problems for other network devices.
What are Code Red and Code Red II?
The Code Red and Code Red II worms popped up in the summer of 2001. Both worms exploited an operating system vulnerability that was found in machines running Windows 2000 and Windows NT. The vulnerability was a buffer overflow problem, which means that when a machine running on these operating systems receives more information than its buffers can handle, it starts to overwrite adjacent memory.
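The overflow described above, shown in miniature as an added example (it is not code from the worm or from IIS). The record layout and every function name are hypothetical. An unchecked copy lets oversized input spill into the field next to the buffer, while a length check rejects it.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical request record: a fixed buffer with another field right behind it. */
struct request {
    char          query[16];   /* buffer for incoming data */
    unsigned char privileged;  /* adjacent memory the sender must never control */
};

/* Unchecked copy: trusts the sender's length. It writes through a pointer to
 * the whole record so the spill past query[] is well-defined and observable. */
static void store_unchecked(struct request *r, const char *data, size_t len)
{
    if (len > sizeof *r)       /* keep the demonstration inside the record */
        len = sizeof *r;
    memcpy((unsigned char *)r, data, len);
}

/* Checked copy: input that does not fit is rejected and nothing is written. */
static int store_checked(struct request *r, const char *data, size_t len)
{
    if (len >= sizeof r->query)
        return -1;
    memcpy(r->query, data, len);
    r->query[len] = '\0';
    return 0;
}

/* Feed len bytes of constructed input ('A' repeated) to one of the two copies
 * and return the value of the adjacent field afterwards. */
static int adjacent_after(int checked, size_t len)
{
    char data[32];
    struct request r;
    memset(data, 'A', sizeof data);
    memset(&r, 0, sizeof r);
    if (checked)
        (void)store_checked(&r, data, len);
    else
        store_unchecked(&r, data, len);
    return r.privileged;
}

int main(void)
{
    printf("unchecked, 10 bytes: privileged=%d\n", adjacent_after(0, 10));
    printf("unchecked, 17 bytes: privileged=%d\n", adjacent_after(0, 17));
    printf("checked,   17 bytes: privileged=%d\n", adjacent_after(1, 17));
}
```

With 17 bytes of input the unchecked copy changes the adjacent field from 0 to the byte value of 'A', while the checked copy leaves it at 0.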
The original Code Red worm initiated a distributed denial of service (DDoS) attack on the White House. That means all the computers infected with Code Red tried to contact the Web servers at the White House at the same time, overloading the machines.
A Windows 2000 machine infected by the Code Red II worm no longer obeys the owner. That's because the worm creates a backdoor into the computer's operating system, allowing an attacker to access and control the machine. In hacking terms, this is a system-level compromise, and it's bad news for the victim. The attacker behind the virus can access information from the victim's computer or even use the infected computer to commit crimes. That means the victim not only has to deal with an infected computer, but also may fall under suspicion for crimes he or she didn't commit.