Looking for code red , nimda and Msblast worms port number

Discussion in 'malware problems & news' started by raihan, Feb 25, 2005.

Thread Status:
Not open for further replies.
  1. raihan

    raihan Registered Member

    Dec 26, 2004
    Hello Everybody,
    i would like to get your attention because i need you guys help .. i am doing my final year project.. so i got to test different worms with my honey pot system and analyze the result.. in order to do that i need to know which ports code red, nimda and msblaster used to propagete over the network..

    i will be very happy if you help me to sort out my problem .. Thank you...
  2. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Aug 10, 2004
    Hi, very interesting question, i had to scratch my head for a bit..lol, an look up old logs etc.

    Code Red- released 2001 performed attack on TCP port 80, it sent Emails to addresses preloaded into its code, the amount of mail slowed the internet down to a crawl, i think the main target at first was the White house.

    Nimda- released 2001,scaned for backdoors left open from previous Code Red infections, so I believe that it also would have tried to access TCP port 80 at first, though at later dates it may have evolved to different stratergies, i think from memory that Nimda was the first to spread by differing ways, I.E email, Server & Web pages.

    MSblasater- released 2003 exploited Microsoft DCOM remote procedure call (RPC), it attacked TCP port 135 at first then also TCP 139 - 445.
    This is the original MSblaster, later varients have evolved.

    I hope that this info helps.
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.