http://news.cnet.com/news/0-1003-201-6658647-0.html?tag=tp_pr

By Rob Lemos
Special to CNET News.com
July 27, 2001, 4:00 a.m. PT

For one moment last week, the Internet stood still.

At midnight Thursday, July 19 GMT, more than 350,000 servers infected with the so-called Code Red worm stopped hammering the Internet with scans searching for vulnerable computers. Instead, the servers targeted an Internet address used as the hub for the White House's public Web site with a denial-of-service attack of such proportions that some feared parts of the Internet would shut down, unable to cope with the unprecedented flood of data.

"If this goes along what it's looking like, parts of the Net will go down," predicted Marc Maiffret, chief hacking officer at network-protection company eEye Digital Security. A month earlier, the Aliso Viejo, Calif., company discovered the flaw exploited by the worm in Microsoft's Web servers and was the first to decode the malicious program.

In the end, a design flaw in the worm's programming stymied the attack, but the potential threat of hundreds of thousands of servers flooding the wires with garbage data has resurrected concerns about security among those who consider themselves the guardians of the Internet.

The Internet was lucky this time, as this particular Code Red program squandered its advantage and left itself vulnerable to security measures. That will not always be the case, said Vern Paxson, staff computer scientist at the Lawrence Berkeley National Laboratory, who analyzed Code Red's quick spread. "This could have been so much worse," he said.

Worms have become the tool of choice among malicious vandals on the Internet, but the Code Red strain has proven particularly fast and effective in commandeering a significant portion of the Internet. Unlike other worms that hide in e-mail attachments, such as LoveLetter and SirCam, Code Red does not require fooling an unwitting recipient into opening a document.
Paxson said a better author could have clogged the entire Net with garbage data or hit critical parts of the global network with a more effective denial-of-service attack--things that the inevitable variants of this version could still do.

"We are in for bumpy times," he said. "I don't see any way out of that."

[...]