Looking for code red , nimda and Msblast worms port number

Discussion in 'malware problems & news' started by raihan, Feb 25, 2005.

Thread Status:
Not open for further replies.
  1. raihan

    raihan Registered Member

    Dec 26, 2004
    Hello Everybody,
    i would like to get your attention because i need you guys help .. i am doing my final year project.. so i got to test different worms with my honey pot system and analyze the result.. in order to do that i need to know which ports code red, nimda and msblaster used to propagete over the network..

    i will be very happy if you help me to sort out my problem .. Thank you...
  2. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Aug 10, 2004
    Hi, very interesting question, i had to scratch my head for a bit..lol, an look up old logs etc.

    Code Red- released 2001 performed attack on TCP port 80, it sent Emails to addresses preloaded into its code, the amount of mail slowed the internet down to a crawl, i think the main target at first was the White house.

    Nimda- released 2001,scaned for backdoors left open from previous Code Red infections, so I believe that it also would have tried to access TCP port 80 at first, though at later dates it may have evolved to different stratergies, i think from memory that Nimda was the first to spread by differing ways, I.E email, Server & Web pages.

    MSblasater- released 2003 exploited Microsoft DCOM remote procedure call (RPC), it attacked TCP port 135 at first then also TCP 139 - 445.
    This is the original MSblaster, later varients have evolved.

    I hope that this info helps.
Thread Status:
Not open for further replies.