The Code Red worm has snarled traffic on the Internet and in other networks by infiltrating hundreds of thousands of servers. How did it accomplish that? Here’s an explanation from Rick Fleming, vice president of security operations at Digital Defense Inc. in San Antonio, Texas: “The Code Red worm works against Microsoft IIS servers only and exploits a buffer overflow condition, giving the hacker the ability to run commands at the system user level. A buffer overflow is a specific type of attack where the hacker inserts more information into the “input” field of a form than the receiving program is expecting. The result is that the buffer, or storage area, in the program receiving the information overflows with information, overwriting part of the program stored in memory. If the hacker can overwrite the correct portion of the program in memory using this technique, then the hacker can cause the program in memory to execute the hacker’s program instead. “Since the attack occurs against the Web server, and most firewalls that protect Web servers have to allow ports 80 and 443 in for the Web server to work properly, a firewall will do nothing to stop Code Red. The most effective way to stop Code Red is to make sure that your IIS servers are patched with the latest software updates. Given the high frequency of IIS servers being involved in computer break-ins, I suggest that users either use a different type server or perform patch update checks weekly.”

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Critical CUTimes.com information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers, resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
  • Exclusive discounts on ALM and CU Times events.
  • Access to other award-winning ALM websites including Law.com and GlobeSt.com.

Already have an account?


NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Credit Union Times

Join Credit Union Times

Don’t miss crucial strategic and tactical information necessary to run your institution and better serve your members. Join Credit Union Times now!

  • Free unlimited access to Credit Union Times' trusted and independent team of experts for extensive industry news, conference coverage, people features, statistical analysis, and regulation and technology updates.
  • Exclusive discounts on ALM and Credit Union Times events.
  • Access to other award-winning ALM websites including TreasuryandRisk.com and Law.com.

Already have an account? Sign In Now
Join Credit Union Times

Copyright © 2024 ALM Global, LLC. All Rights Reserved.