[ISN] Worm carries larger warning

From: InfoSec News (isnat_private)
Date: Wed Aug 01 2001 - 02:47:46 PDT


    http://www.fcw.com/fcw/articles/2001/0730/web-worm-07-31-01.asp
    
    By Diane Frank 
    July 31, 2001
    
    Federal computer security experts are using the Code Red computer worm
    to raise agency executives' awareness that a formal process is needed
    for fixing problems that make systems vulnerable to such attacks.
    
    The worm is poised to spread anew starting at 8 p.m. EDT today, when
    it will begin to infect Web servers to use them in a denial-of-service
    attack on the White House Web site.
    
    Microsoft Corp. has several software patches available on its Web site
    to fix the vulnerability that the worm exploits. The Federal Computer
    Incident Response Center (FedCIRC), the National Infrastructure
    Protection Center and many private-sector organizations also have
    issued alerts with details on the problem and how to fix it.
    
    But while many of those organizations are focused on raising awareness
    of this specific worm, FedCIRC is using the opportunity to take
    awareness a step further.
    
    "The intention is to send it not just to the techie people, but to let
    the senior management at the CIO level and higher know that this could
    be a significant problem...but also that this needs to be put on their
    plate because it's their responsibility," said Sallie McDonald,
    assistant commissioner of the General Services Administration's Office
    of Information Assurance and Critical Infrastructure Protection, which
    oversees FedCIRC.
    
    FedCIRC regularly sends out technical alerts and information to
    federal systems administrators and information security officers, but
    rarely to agency chief information officers. But the center has been
    moving past that to provide more "English language" warnings for
    agency administrators, up to and including the deputy secretaries and
    agency heads, McDonald said.
    
    FedCIRC is using its warnings to push an initiative that the CIO
    Council and the Office of Management and Budget endorsed last October
    after the ILOVEYOU virus hit government systems. In a memo to agency
    heads, the council and OMB encouraged agencies to set up a formal
    process to report to FedCIRC whether the latest software patches have
    been received by the correct agency officials and whether the patches
    are correctly put in place.
    
    FedCIRC is developing a new system to help agencies receive and report
    on such patches. In August, the center plans to release a request for
    proposals for an automatic patch dissemination system, McDonald said.
    Using that system, agencies can set up a profile of the operating
    systems and applications on their networks, and then have only the
    patches for those configurations sent to them for installation.
    
    The initial attack of the Code Red worm this month took advantage of a
    vulnerability in Microsoft's Windows NT or Windows 2000 and IIS 4.0 or
    5.0. It is now set to start infecting Web servers again and will
    continue to look for other hosts until Aug. 19.
    
    Once a system is infected, the worm will direct it to launch a
    distributed denial-of-service attack on the White House Web site's
    Internet Protocol address between Aug. 20 and Aug. 27.
    
    The White House countered the July attack simply by changing its IP
    address by one digit.
    
    
    
    


