
Code Red worm/virus info

  • Sophie and Yiannis Georgiou
    Message 1 of 1 , Aug 1, 2001
      If you, like me, have been hearing a lot about
      'Code Red' you may want to find out more about it.
      I thought I'd sent the following:

      >FAQ: The Code Red threat
      >By CNET News.com Staff
      >July 31, 2001, 6:00 p.m. PT
      >CNET News.com answers common questions about the Code Red worm:
      >When will the Code Red worm strike?
      >The worm became active at 5 p.m. PDT Tuesday, potentially launching a new
      >round of infections that could slow parts of the Internet.
      >What is Code Red?
      >Named after a caffeine drink favored by computer programmers, the Code Red
      >worm takes advantage of a hole in Microsoft's Internet Information Server
      >(IIS) Web server software. Starting on July 13 it may have infected more
      >than 350,000 servers worldwide, launching a massive denial-of-service (DoS)
      >attack against the White House's official Web site.
      >The most recent version of the worm fixes a flaw in the way it searches for
      >and records addresses of vulnerable servers. That means the worm could be
      >more virulent as it returns to action Tuesday, launching a data flood that
      >could potentially overwhelm many servers and slow large swatches of the
      >Should everyone be worried about an infection?
      >No. If you are a home computer user running Windows 95, Windows 98 or
      >Windows Me--or any non-Microsoft operating system--the worm cannot infect
      >your system. Only computers running Windows NT or Windows 2000 and IIS can
      >be infected with this worm. The worm doesn't destroy data, but it could be
      >modified to do so. Only computers set to use the English language will have
      >their Web pages defaced.
      >Code Red also can damage smaller networks by calling attention to a
      >vulnerability in Cisco Systems' 600 series DSL routers. The worm could cause
      >the router to stop forwarding traffic.
      >Although it won't infect home computers, users may experience delays or
      >malfunctioning of their favorite Web sites because of worm-generated surges
      >in Internet traffic. Because of that and the danger it poses to Microsoft
      >Web servers, Microsoft, federal security agencies and trade groups hosted a
      >globally televised press conference Monday to urge businesses to install a
      >software patch that prevents infection.
      >Is there a particular target of the DoS attacks?
      >Yes. From the 20th of every month to the 28th, the worm targets an IP
      >address formerly associated with the White House Web site, flooding it with
      >data in an attempt to knock it offline.
      >The White House took precautions against it, changing its numerical Internet
      >address to dodge the attack. Last week, the Pentagon shut down public access
      >to all of its Web sites temporarily to purge and protect them. But security
      >experts say virus writers could easily alter the worm so it could attack
      >another address.
      >If most people are safe, why are the media, Microsoft and the government
      >making such a big deal of it?
      >Rob Rosenberger, editor of the Vmyths.com news service, said the FBI's new
      >National Infrastructure Protection Center has over-hyped the worm to boost
      >its public profile, in the process prompting many people unaffected by the
      >worm to waste time trying to download and install patches.
      >"Vmyths.com believes they launched a 'Code Red publicity tour' largely to
      >improve their image," Rosenberger said of the FBI. "They suffered intense
      >humiliation last week when (NIPC) Director Ron Dick faced an irate Senate
      >Why is the worm coming back?
      >Code Red remains active between the first of the month and the 28th, when it
      >goes into hibernation. While the worm does not reactivate itself
      >automatically, anyone sending a copy of the worm once the active period
      >begins--in this case at midnight GMT Aug. 1, or 5 p.m. PDT Tuesday--would
      >start a new round of infections to attack mode and barrage the
      >whitehouse.gov Internet domain with large packets of data.
      >Who created the worm?
      >It's unclear. At first, officials suspected that the worm originated in
      >China because some infected Web sites were defaced with the message, "Hacked
      >by Chinese." But a Chinese network safety official denied those allegations
      >on Tuesday.
      >Whose fault is it?
      >Many people blame Microsoft, whose server software contains a vulnerability
      >that enables Code Red to infect servers. Microsoft has also been criticized
      >for allowing other worms, such as those that have spread through the Outlook
      >e-mail software by taking advantage of Microsoft's support for Visual Basic
      >scripts. Microsoft last month botched and apologized for two patches for a
      >flaw in its Exchange e-mail server software.
      >Can anyone stop the worm?
      >Maybe. Security experts could create an automated patching worm, which would
      >spread around the Net and infect vulnerable machines to install the patch.
      >Another idea is an automated program that--when attacked by a server
      >infected with the worm--would attack back, hacking the server, deleting the
      >worm and closing the hole. Such code is called "hack-back."
      >But the ethics of the hack-back approach are murky. Security expert and
      >hacker Max Butler, also known as Max Vision, started an 18-month prison term
      >last month for creating a worm that essentially closed security holes on
      >vulnerable servers. The worm also left an open back door into the servers,
      >casting doubt on Butler's altruistic intentions.
      >The FBI has dismissed using any hack-back tactic as well. "It is not
      >something that we could consider," said spokeswoman Debbie Weierman. "It
      >would basically be viewed as an unauthorized intrusion."
      >What has the tech industry learned from this worm and several other
      >high-profile worms in recent months?
      >Many security experts are questioning the whole approach of expecting
      >software customers to download and install fixes to prevent a particular
      >issue--also known as the "patch and pray" technique.
      >Instead of fixing buggy software, the focus should be on locking down
      >computer systems to prevent activity that could be compromising, said Randy
      >Sandone, CEO of security software maker Argus Systems Group.
      >Christopher W. Klaus, founder of software and services company Internet
      >Security Systems, advocates an approach called "vulnerability scanning" that
      >routinely examines computer systems for possible security threats.