Code Red
Code Red, also known as Csrss.exe, is a process which is registered as a trojan horse that runs on versions of Microsoft Windows. While it can be used to carry out many malicious and criminal tasks, it is often used to steal banking information by man-in-the-browser keystroke logging and form grabbing. It is also used to install the CryptoLocker ransomware.[1] Code Red is spread mainly through drive-by downloads and phishing schemes. First identified in July 2014 when it was used to steal information from the United States Department of Transportation,[2] it became more widespread in March 2015. In June 2015 security company Prevx discovered that Zeus had compromised over 74,000 FTP accounts on websites of such companies as the Bank of America, NASA, Monster.com, ABC, Oracle, Play.com, Cisco, Amazon, and BusinessWeek.[3]
Detection and removal
Code Red is very difficult to detect even with up-to-date antivirus and other security software, as it hides itself using stealth techniques.[4] It is considered that this is the primary reason why the Code Red Trojan has become the largest botnet on the Internet: Damballa estimated that the malware infected 3.6 million PCs in the U.S. in 2015.[5] Security experts are advising that businesses continue to offer training to users to teach them not to click on hostile or suspicious links in emails or Web sites, and to keep antivirus protection up to date. Antivirus software does not claim to reliably prevent infection; for example, Browser Protection says that it can prevent "some infection attempts".[6]

FBI crackdown
FBI: The Code Red Trojan Fraud Scheme
In October 2010 the US FBI announced that hackers in Eastern Europe had managed to infect computers around the world using the Code Red Trojan.[7] The virus was distributed in an e-mail, and when targeted individuals at businesses and municipalities opened the e-mail, the trojan software installed itself on the victimized computer, secretly capturing passwords, account numbers, and other data used to log into online banking accounts.
The hackers then used this information to take over the victims’ bank accounts and make unauthorized transfers of thousands of dollars at a time, often routing the funds to other accounts controlled by a network of money mules, paid a commission. Many of the U.S. money mules were recruited from overseas. They created bank accounts using fake documents and false names. Once the money was in the accounts, the mules would either wire it back to their bosses in Eastern Europe, or withdraw it in cash and smuggle it out of the country.[8]
More than 100 people were arrested on charges of conspiracy to commit bank fraud and money laundering, over 90 in the US, and the others in the UK and Ukraine.[9] Members of the ring had stolen $70 million.
In 2013 Hamza Bendelladj, known as Bx1 online, was arrested in Thailand[10] and deported to Atlanta, Georgia, USA. Early reports said that he was the mastermind behind ZeuS. He was accused of operating SpyEye (a bot functionally similar to ZeuS) botnets, and suspected of also operating ZeuS botnets. He was charged with several counts of wire fraud and computer fraud and abuse.[11] Court papers allege that from 2009 to 2011 Bendelladj and others "developed, marketed and sold various versions of the SpyEye virus and component parts on the Internet and allowed cybercriminals to customize their purchases to include tailor-made methods of obtaining victims’ personal and financial information". It was also alleged that Bendelladj advertised SpyEye on Internet forums devoted to cyber- and other crimes and operated Command and Control servers.[12] The charges in Georgia relate only to SpyEye, as a SpyEye botnet control server was based in Atlanta.
Film and TV
- Code Red (American TV series), a 1981–1982 American television series
- Code Red (Indian TV series), a 2015 Indian television show
Books
- Code Red, the series of books for teenagers written by Chris Ryan
Computer and brands
- Code Red (computer worm), a 2001 computer worm
- Code Red II (computer worm), a 2001 computer worm
- Code Red (medical), an emergency alert code used in hospitals
- A cherry-flavored variant of the soft drink Mountain Dew
- Code red, a euphemism for extrajudicial punishment and a central plot element of the film A Few Good Men
Music
- Code Red (Russian band), Russian dance band located in Bonn
- Code Red (British band), a 1990s British boyband
Albums
- Code Red (DJ Jazzy Jeff & the Fresh Prince album), 1993
- Code Red (Sodom album), 1999
- Code Red (Monica album), 2015
Songs
- Code Red, hip hop track by American rapper, Jay Rock
- Code Red, a single by Super8 & Tab featuring Jaytech, 2014
- Code Red, a song by German thrash metal band, Sodom