http://news.bbc.co.uk/hi/english/sci/tech/newsid_1470000/1470246.stm 2 August, 2001 By BBC News Online technology correspondent Mark Ward The Code Red virus was never a danger to the internet, despite predictions to the contrary by the FBI and security experts. The disruption of the net initially blamed on the worm was actually caused by a Baltimore tunnel fire, which melted key net cables and left many web companies struggling to swap data. Net monitoring firm Keynote said analysis showed that even when Code Red was at its most rampant last month it had almost no effect on net traffic. Now, anti-virus companies are worrying that the hype could mean people become complacent and do nothing about the continuing security problems plaguing the net. By 1500 GMT on Thursday, the worm had infected 244,727 computers, though it had caused no noticeable disruption to the internet. Any potential threat appears to be tailing off as the rate of infection has slowed down. Train crash not net crash A coincidence is to blame for all the hype and horror associated with the Code Red worm. On 18 July, just as Code Red was starting to scan for vulnerable web servers, a CSX train carrying hazardous materials was derailed in the Howard Street tunnel in Baltimore, US. The derailment and subsequent fire severed cables running through the tunnel used by seven of the biggest net service providers to swap data. These companies started reporting disruption to the usual running of the net just as Code Red was hitting its stride, leading many people to assume that the worm was doing the damage. Analysis by Keynote has shown that even at its height, Code Red posed no threat to the running of the net. Train spike "The 19 July Internet Slowdown was not due to the worm," it said bluntly in a statement. "There was no exponential ramp-up of performance degradation during the day or preceding days that would have coincided with the proliferation of the worm," it added, "but a sudden spike in performance that coincided with the time of the train wreck." Similarly, when the worm started scanning again on Wednesday, it did not disrupt the working of the internet. "We see no significant performance changes on either high or low bandwidth connections, or internationally," said Keynote. Now that the dust is settling some anti-virus and security companies are worrying that the unfulfilled predictions of doom will harm efforts to make the net harder to compromise. Hype not havoc "There's been more hype than havoc," said Graham Cluley, of anti-virus company Sophos. "There will be some people that did not patch themselves earlier and say now they do not have to bother." The blame for the hype has been laid squarely at the door of the US National Infrastructure Protection Centre which, said Mr Cluley, had a history of making predictions that had not come true. In the past, the NIPC has wrongly predicted that the Y2K bug would be followed by a wave of destructive viruses. In May, it said that Chinese hackers were about to wreak havoc on US websites - again, a prediction that did not come true. 'Ineffective' agency In May, the US General Accounting Office issued a report that concluded the NIPC was "ineffective" when it came to protecting the US against virus and hacking outbreaks and did a poor job of prosecuting hackers. David L Smith, the self-confessed author of the Melissa virus, was caught with the help of the NIPC in December 1999. He has pleaded guilty but has yet to be sentenced. Last month, a US Senate panel criticised the NIPC and said it had not got any better at its job since the GAO report was issued. But, said Mr Cluley, just because the Code Red worm had not wrought havoc people should not assume that there was no danger and they should not do more to protect web servers and their home computers. "There is still a big problem to be solved," he said. Figures collected by the Computer Emergency Response Team (Cert), which monitors threats to the internet, show how attacks on the web are escalating. In the whole of 2000, Cert issued warnings about 1,090 vulnerabilities, yet in the first six months of 2001 it has already seen evidence for 1, 151 vulnerabilities. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 03:07:58 PDT