Code Red was a computer worm observed on the Internet on July 15, 2001. It attacked computers running Microsoft's IIS web server.
The Code Red worm was first discovered and researched by eEye Digital Security employees Marc Maiffret and Ryan Permeh. It exploited a vulnerability discovered by Riley Hassell. They named it "Code Red" because Code Red Mountain Dew was what they were drinking at the time.
Although the worm had been released on July 13, the largest group of infected computers was seen on July 19, 2001. On this day, the number of infected hosts reached 359,000.
Code Red is a worm that caused possibly billions of dollars of damage in the summer of 2001. It contains the text string "Hacked by Chinese!", which is displayed on web pages that the worm defaces. It is also one of the few worms able to run entirely in memory, leaving no files on the hard drive or any other permanent storage (although some variants do leave files).
APT Group Operating on Behalf of Chinese State Interests: The accumulated evidence such as the infection vector, social engineering style, use of RoyalRoad against similar targets, and other similarities between the newly discovered backdoor sample and other known Chinese APT malware all bear the hallmarks of a threat actor operating on behalf of Chinese state-sponsored interests.
About the Author
Lital is a Marketing Team Leader, Storyteller, Technology Marketing Expert. She joined Cybereason as the first marketing hire and built a full marketing department. Specializing in brand building, product marketing, communication and content. Passionate about building ROI-driven marketing teams.