Other
Code Red IIS Buffer Overflow Worm (359K Hosts, $2.6B Damages)
Incident Details
Code Red exploited a buffer overflow in the IDQ.DLL component of Microsoft IIS web server software (documented in MS01-033). The worm required no user interaction: it scanned random IP addresses and automatically exploited unpatched IIS servers. At its peak on July 19, 2001, Code Red had infected 359,000 hosts and was spreading at over 2,000 new infections per minute. The worm defaced infected websites with "Hacked By Chinese" and launched a coordinated DDoS attack against the White House website (www.whitehouse.gov) on the 20th of each month; because the target was a hardcoded IP address, the White House preemptively changed the site's IP address to avoid it. A second variant (Code Red II) installed a backdoor for remote access. Estimated damages: $2.6 billion. The worm demonstrated the catastrophic speed at which internet-facing vulnerabilities could be weaponized at scale and drove adoption of automatic patch deployment by organizations worldwide.
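As an added illustration, not part of the original entry, the following Python script shows the kind of log-based check a defender could run against IIS W3C-format access logs to surface overflow attempts against the Index Server request handlers. IIS mapped the .ida and .idq extensions to IDQ.DLL, the component named above, so requests to those extensions carrying an oversized or %u-encoded query string are the thing to look for. The log lines, the 200-byte query threshold, and the field layout are constructed assumptions for this example.

```python
"""Flag IIS log entries that look like Index Server (.ida/.idq) overflow
attempts, the vector described in MS01-033.

The sample log below is constructed for this example; the field order
follows the #Fields header line, as in IIS W3C extended logging.
"""
from collections import Counter
from dataclasses import dataclass

# .ida and .idq were the extensions IIS routed to IDQ.DLL.
INDEX_SERVER_EXTENSIONS = (".ida", ".idq")
# Assumption: legitimate Index Server queries are short; anything over this
# length is treated as a probable overflow attempt.
QUERY_LEN_THRESHOLD = 200


@dataclass
class Request:
    date: str
    time: str
    client_ip: str
    method: str
    uri_stem: str
    uri_query: str
    status: str


def parse_w3c_log(text: str) -> list[Request]:
    """Parse lines of the form:
    date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
    Comment/header lines (starting with '#') are skipped; '-' means empty."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 7:
            continue  # malformed line; ignore rather than crash the scan
        query = "" if parts[5] == "-" else parts[5]
        records.append(Request(parts[0], parts[1], parts[2], parts[3],
                               parts[4], query, parts[6]))
    return records


def is_index_server_probe(req: Request) -> bool:
    """True if the request hits an IDQ.DLL-mapped extension with a query
    that is either oversized or contains %u (Unicode-escaped) sequences,
    neither of which a normal Index Server query needs."""
    if not req.uri_stem.lower().endswith(INDEX_SERVER_EXTENSIONS):
        return False
    query = req.uri_query.lower()
    return len(query) > QUERY_LEN_THRESHOLD or "%u" in query


def find_probes(text: str) -> list[Request]:
    """Return every parsed request that matches the probe heuristic."""
    return [r for r in parse_w3c_log(text) if is_index_server_probe(r)]


def probes_per_source(text: str) -> dict[str, int]:
    """Count flagged requests per client IP; a scanning worm shows up as
    many sources each sending one hit, a targeted attacker as one source
    sending many."""
    return dict(Counter(r.client_ip for r in find_probes(text)))


# Constructed sample: one normal page hit, one oversized .ida request,
# one ordinary short .idq query, one malformed line.
_LONG_QUERY = "N" * 240 + "%u9090%u6858"
SAMPLE_LOG = "\n".join([
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2001-07-19 10:00:01 192.0.2.10 GET /index.html - 200",
    f"2001-07-19 10:00:02 198.51.100.7 GET /default.ida {_LONG_QUERY} 200",
    "2001-07-19 10:00:03 192.0.2.11 GET /search.idq CiRestriction=report 200",
    "2001-07-19 10:00:04 garbage",
])

if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print(f"{hit.date} {hit.time} {hit.client_ip} -> {hit.uri_stem} "
              f"(query length {len(hit.uri_query)})")
    print(probes_per_source(SAMPLE_LOG))
```

The heuristic is deliberately narrow: it keys on the extension mapping that the vulnerable DLL sat behind rather than on any specific worm payload, so it also surfaces later variants that reused the same handler. The corresponding mitigation at the time, besides applying the MS01-033 patch, was removing the .ida and .idq script mappings from servers that did not use Index Server, which makes every such request return a 404 instead of reaching IDQ.DLL.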
Technical Details
- Initial Attack Vector: Buffer overflow vulnerability in Microsoft IIS 4.0/5.0 Index Server (MS01-033 / CVE-2001-0500); patch available one month prior; worm propagated by scanning random IP addresses and exploiting unpatched IIS servers with no user interaction
- Vendor / Product: Microsoft IIS (Internet Information Services)
- Malware Family: Code Red (W32/CodeRed)
- CVE / GHSA References: CVE-2001-0500
Timeline
- 2001-07-13 Breach occurred
- 2001-07-19 Publicly disclosed