
GCIH Question #296: Real Exam Question with Answer & Explanation

The correct answer is D: Code Red worm.

Malware Analysis & Advanced Persistent Threats

Question

Which of the following viruses/worms uses a buffer overflow attack?

Options

  • A. Chernobyl (CIH) virus
  • B. Nimda virus
  • C. Klez worm
  • D. Code Red worm

Explanation

The Code Red worm (2001) exploited a buffer overflow vulnerability in the indexing service of Microsoft IIS web servers (specifically in the idq.dll component, CVE-2001-0500), allowing it to spread without user interaction and execute arbitrary code. The other malware used different techniques: the Chernobyl (CIH) virus overwrote the system BIOS and partition tables, the Nimda virus spread via multiple vectors including email attachments and vulnerable IIS web servers, and the Klez worm spread primarily through email and exploited an Outlook rendering vulnerability rather than a classic buffer overflow.

Topics

Code Red worm, buffer overflow, worm propagation, exploit technique
