[ISN] Code Red 'was never a threat'

From: InfoSec News (isnat_private)
Date: Mon Aug 06 2001 - 01:12:50 PDT

  • Next message: InfoSec News: "RE: [ISN] Microsoft takes heat for Code Red"

    2 August, 2001
    By BBC News Online technology correspondent Mark Ward 
    The Code Red virus was never a danger to the internet, despite
    predictions to the contrary by the FBI and security experts.
    The disruption of the net initially blamed on the worm was actually
    caused by a Baltimore tunnel fire, which melted key net cables and
    left many web companies struggling to swap data.
    Net monitoring firm Keynote said analysis showed that even when Code
    Red was at its most rampant last month it had almost no effect on net
    Now, anti-virus companies are worrying that the hype could mean people
    become complacent and do nothing about the continuing security
    problems plaguing the net.
    By 1500 GMT on Thursday, the worm had infected 244,727 computers,
    though it had caused no noticeable disruption to the internet. Any
    potential threat appears to be tailing off as the rate of infection
    has slowed down.
    Train crash not net crash
    A coincidence is to blame for all the hype and horror associated with
    the Code Red worm.
    On 18 July, just as Code Red was starting to scan for vulnerable web
    servers, a CSX train carrying hazardous materials was derailed in the
    Howard Street tunnel in Baltimore, US.
    The derailment and subsequent fire severed cables running through the
    tunnel used by seven of the biggest net service providers to swap
    These companies started reporting disruption to the usual running of
    the net just as Code Red was hitting its stride, leading many people
    to assume that the worm was doing the damage.
    Analysis by Keynote has shown that even at its height, Code Red posed
    no threat to the running of the net.
    Train spike
    "The 19 July Internet Slowdown was not due to the worm," it said
    bluntly in a statement.
    "There was no exponential ramp-up of performance degradation during
    the day or preceding days that would have coincided with the
    proliferation of the worm," it added, "but a sudden spike in
    performance that coincided with the time of the train wreck."
    Similarly, when the worm started scanning again on Wednesday, it did
    not disrupt the working of the internet.
    "We see no significant performance changes on either high or low
    bandwidth connections, or internationally," said Keynote.
    Now that the dust is settling some anti-virus and security companies
    are worrying that the unfulfilled predictions of doom will harm
    efforts to make the net harder to compromise.
    Hype not havoc
    "There's been more hype than havoc," said Graham Cluley, of anti-virus
    company Sophos.
    "There will be some people that did not patch themselves earlier and
    say now they do not have to bother."
    The blame for the hype has been laid squarely at the door of the US
    National Infrastructure Protection Centre which, said Mr Cluley, had a
    history of making predictions that had not come true.
    In the past, the NIPC has wrongly predicted that the Y2K bug would be
    followed by a wave of destructive viruses.
    In May, it said that Chinese hackers were about to wreak havoc on US
    websites - again, a prediction that did not come true.
    'Ineffective' agency
    In May, the US General Accounting Office issued a report that
    concluded the NIPC was "ineffective" when it came to protecting the US
    against virus and hacking outbreaks and did a poor job of prosecuting
    David L Smith, the self-confessed author of the Melissa virus, was
    caught with the help of the NIPC in December 1999. He has pleaded
    guilty but has yet to be sentenced.
    Last month, a US Senate panel criticised the NIPC and said it had not
    got any better at its job since the GAO report was issued.
    But, said Mr Cluley, just because the Code Red worm had not wrought
    havoc people should not assume that there was no danger and they
    should not do more to protect web servers and their home computers.
    "There is still a big problem to be solved," he said.
    Figures collected by the Computer Emergency Response Team (Cert),
    which monitors threats to the internet, show how attacks on the web
    are escalating.
    In the whole of 2000, Cert issued warnings about 1,090
    vulnerabilities, yet in the first six months of 2001 it has already
    seen evidence for 1, 151 vulnerabilities.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 03:07:58 PDT