Infamous AttacksA Short List Code Red Date: July 2001 Characteristics: Worm that infected Microsoft Internet Information Servers (IISs) and defaced web pages of infected servers with the message "HELLO! Welcome to http://www.worm.com! Hacked By Chinese!" The worm continued spreading and infected more IISs on the Internet. After about 20 days following the infection of a server, the worm launched a denial of service (DoS) attack on several fixed IP addresses, among which was the White House address. We explain DoS in detail in the section "Denial of Service Attacks," later in this chapter. I Love You Date: May 2000 Characteristics: Often called a virus, this attack's behavior is more related to being a worm, considering how it spread. When a user opened an infected e-mail attachment, that user's system was infected, and it replicated itself to everyone in the user's address book. Melissa Date: 1999 Characteristics: Virus that spread inside Microsoft Word macros. Nimda Date: September 2001 Characteristics: Worm that infected Microsoft IISs and any computer on which the e-mail attachment was opened. Nimda's payload is a "traffic slowdown," but it doesn't destroy or cause harm other than creating delays. Slammer Date: January 2003 Characteristics: Sent traffic to randomly generated IP addresses, hoping to find a host that runs the Microsoft SQL Server Resolution Service so that the target can propagate more copies of the worm. Blaster Date: August 2003 Characteristics: The worm was programmed to start a SYN flood attack on August 15 against port 80 of http://www.windowsupdate.com, thereby creating a DoS attack against the site. SYN floods and DoS are explained in the section "Denial of Service Attacks," later in the chapter. SoBig.F Date: August 2003 Characteristics: A worm that set a record for the sheer volume of e-mails it generated. It was also a Trojan horse because it masqueraded as an innocuous e-mail with a subject line such as "RE: Details" and with an attachment with a filename such as details.pif. | 