
Chapter 2
Thr34t Security Krew
and the TK Worm
The Thr34t Security Krew, or Thr34t Krew, removed Code Red variants in the wild
using the TK worm (named after the group), causing more than USD$9 million in
damages with their own malicious activities. Code Red took the world by storm,
spreading in the wild as a fileless network attack worm leveraging a buffer overflow
vulnerability in Windows 2000 Web servers in 2001 and attacking a government
website. Minor variations of this code emerged in the wild through the summer of
2001. Before long, network administrators began complaining about Web servers
that constantly attempted to attack their servers