An Update on the Code Red Worm

The Code Red Worm hit the Internet in July, exploiting a vulnerability in Microsoft's IIS software that was announced in June. The writer(s) of Code Red took advantage of hundreds of thousands of unpatched IIS servers worldwide to launch what could have been a distributed denial of service (DDoS) attack on the White House web site. While the DDoS attack itself might not have been successful, we all were part of history -- Code Red was self-propagating throughout the Internet turning servers into DDoS agents ("zombies"), waiting for the trigger to launch an attack. This kind of thing has been predicted for years.

This presentation provides an overview of the Code Red Worm, describes how it works, and offers suggested counter-measures. URLs for many Internet sites with patches, tools, and additional information are also provided.

Return to Presentations Menu

Gary Kessler

Gary Kessler

Gary C. Kessler is Assistant Professor and program coordinator of the Computer Networking major at Champlain College in Burlington, VT. He is also a consultant specializing in issues related to computer and network security, Internet and TCP/IP protocols and applications, e-commerce, and telecommunications technologies and applications. He was formerly a Senior Network Security Analyst at SymQuest Group, a network integration consulting company in South Burlington, VT and Director of Information Technology at Hill Associates, an international telecommunications training firm with headquarters in Colchester, VT. Gary is a frequent speaker at industry conferences, has written 2 books and over 55 articles on a variety of technology topics, and is an instructor both for his own classes on TCP/IP, network security, and related topics and for the SANS Institute ( He holds a B.A. in Mathematics, an M.S. in Computer Science, and is a CCNA. He is married and has two children. More information can be found at

Copyright, Credits, and Disclaimers

Copyright, 2001 - Distributed Networking Associates. All portions of this presentation are copyrighted by Distributed Networking Associates and/or the organization credited as the source of information. All forms of reproduction and/or recording, including photocopying, tape recording, and video taping are strictly prohibited without the express prior written permission of Distributed Networking Associates. Clipart used may include images from Corel, Broderbund, and IMSI.

Professional Opinions - All information presented and opinions expressed by Distributed Networking are the current opinions of Distributed Networking based on professional judgment and best available information at the time of presentation. Consequently, the information is subject to change, and no liability for advice presented is assumed. Ultimate responsibility for choice of appropriate solutions remains with the Customer.

Please note: By downloading this information, you acknowledge that the sponsor(s) of this information may contact you, providing that they give you the option of opting out of further communications from them concerning this information.  Also, by your downloading this information, you agree that the information is for your personal use only and that this information may not be retransmitted to others or reposted on another web site.  Please encourage colleagues to download their own copy after registering at