[ISN] Virulent worm calls into doubt our ability to protect the Net

From: InfoSec News (isnat_private)
Date: Sun Jul 29 2001 - 02:50:24 PDT


    By Rob Lemos
    Special to CNET News.com
    July 27, 2001, 4:00 a.m. PT

    For one moment last week, the Internet stood still.

    At midnight Thursday, July 19 GMT, more than 350,000 servers infected
    with the so-called Code Red worm stopped hammering the Internet with
    scans searching for vulnerable computers. Instead, the servers
    targeted an Internet address used as the hub for the White House's
    public Web site with a denial-of-service attack of such proportions
    that some feared parts of the Internet would shut down, unable to cope
    with the unprecedented flood of data.

    "If this goes along what it's looking like, parts of the Net will go
    down," predicted Marc Maiffret, chief hacking officer at
    network-protection company eEye Digital Security. A month earlier, the
    Aliso Viejo, Calif., company discovered the flaw exploited by the worm
    in Microsoft's Web servers and was the first to decode the malicious

    In the end, a design flaw in the worm's programming stymied the
    attack, but the potential threat of hundreds of thousands of servers
    flooding the wires with garbage data has resurrected concerns about
    security among those who consider themselves the guardians of the

    The Internet was lucky this time, as this particular Code Red program
    squandered its advantage and left itself vulnerable to security
    measures. That will not always be the case, said Vern Paxson, staff
    computer scientist at the Lawrence Berkeley National Laboratory, who
    analyzed Code Red's quick spread.

    "This could have been so much worse," he said.

    Worms have become the tool of choice among malicious vandals on the
    Internet, but the Code Red strain has proven particularly fast and
    effective in commandeering a significant portion of the Internet.
    Unlike other worms that hide in e-mail attachments, such as LoveLetter
    and SirCam, Code Red does not require fooling an unwitting recipient
    into opening a document.

    Paxson said a better author could have clogged the entire Net with
    garbage data or hit critical parts of the global network with a more
    effective denial-of-service attack--things that the inevitable
    variants of this version could still do.

    "We are in for bumpy times," he said. "I don't see any way out of
