Last week saw the 15th anniversary of the appearance of ‘Code Red’ (also known as ‘Bady’) – the first fileless worm, which spread by exploiting a vulnerability in Microsoft IIS, even penetrating Microsoft’s own IIS servers.
Part of the worm’s payload was to launch denial of service attacks against a number of fixed IP addresses – including the then IP address of the White House website.
In August 2001, Costin Raiu
analysed the Win32/Bady.worm, concluding that, had the worm been written just a little more carefully, the impact and damage it caused could have been much, much worse.
Costin’s article can be read
here
in HTML-format, or downloaded
here
as a PDF.
Leave a Reply