[ISN] Virulent worm calls into doubt our ability to protect the Net

From: InfoSec News (isnat_private)
Date: Sun Jul 29 2001 - 02:50:24 PDT

Next message: InfoSec News: "[ISN] World too dependent on Microsoft"

Previous message: InfoSec News: "[ISN] Investigation Ordered After Computer Glitch at State Agency Exposes Student Records"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://news.cnet.com/news/0-1003-201-6658647-0.html?tag=tp_pr

By Rob Lemos
Special to CNET News.com
July 27, 2001, 4:00 a.m. PT 

For one moment last week, the Internet stood still.

At midnight Thursday, July 19 GMT, more than 350,000 servers infected
with the so-called Code Red worm stopped hammering the Internet with
scans searching for vulnerable computers. Instead, the servers
targeted an Internet address used as the hub for the White House's
public Web site with a denial-of-service attack of such proportions
that some feared parts of the Internet would shut down, unable to cope
with the unprecedented flood of data.

"If this goes along what it's looking like, parts of the Net will go
down," predicted Marc Maiffret, chief hacking officer at
network-protection company eEye Digital Security. A month earlier, the
Aliso Viejo, Calif., company discovered the flaw exploited by the worm
in Microsoft's Web servers and was the first to decode the malicious
program.

In the end, a design flaw in the worm's programming stymied the
attack, but the potential threat of hundreds of thousands of servers
flooding the wires with garbage data has resurrected concerns about
security among those who consider themselves the guardians of the
Internet.

The Internet was lucky this time, as this particular Code Red program
squandered its advantage and left itself vulnerable to security
measures. That will not always be the case, said Vern Paxson, staff
computer scientist at the Lawrence Berkeley National Laboratory, who
analyzed Code Red's quick spread.

"This could have been so much worse," he said.

Worms have become the tool of choice among malicious vandals on the
Internet, but the Code Red strain has proven particularly fast and
effective in commandeering a significant portion of the Internet.
Unlike other worms that hide in e-mail attachments, such as LoveLetter
and SirCam, Code Red does not require fooling an unwitting recipient
into opening a document.

Paxson said a better author could have clogged the entire Net with
garbage data or hit critical parts of the global network with a more
effective denial-of-service attack--things that the inevitable
variants of this version could still do.

"We are in for bumpy times," he said. "I don't see any way out of
that."

[...]



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
of the mail.

Next message: InfoSec News: "[ISN] World too dependent on Microsoft"
Previous message: InfoSec News: "[ISN] Investigation Ordered After Computer Glitch at State Agency Exposes Student Records"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Jul 29 2001 - 09:19:06 PDT