http://www.siliconvalley.com/docs/news/svfront/007647.htm

Monday, Aug. 6, 2001

SAN FRANCISCO (Reuters) - They came to dine on filet and smoked duck but a computer worm ended up as the main course.

A group of high-powered Internet security experts took their laptops to dinner on Saturday and between courses began analyzing the virulent new worm that now threatens the Web, the researcher who hosted the gathering said Monday.

Analysts from Microsoft, Symantec, Computer Associates, Deloitte & Touche and the U.S. Naval Fleet Warfare Center among others had been gathered at the third annual NTBugTraq retreat in Canada when the first reports of Code Red II circulated, said Russ Cooper, surgeon general of TruSecure Corp.

The group, representing about 20 companies, was finishing up a six-course dinner that included smoked duck, filet mignon and South Australian Shiraz wine on Saturday night at Cooper's home in Lindsay, Ontario, he said.

"It was a meal with laptops beside the dinner plates," said Cooper, who runs the NTBugTraq email list where security alerts about Internet viruses are routinely distributed.

Nick Fitzgerald, who works for Computer Associates in New Zealand, was checking his email when he found an alert for members of the Computer Antivirus Researcher's Organization (CARO) around 10:30 p.m. EDT, Cooper said.

The email, from a Romanian researcher for Cambridge, England-based antivirus firm Kaspersky Labs, warned of a new Code Red worm.

The group gathered around the dinner table in Canada then managed to get a copy of the worm and began disassembling its code, while communicating with researchers in other countries via instant messenger, Cooper said.

At 12:30 a.m. EDT, "we were talking on the phone with a network administrator in Australia, comparing log entries," he said.
"We did pretty much cover the globe in terms of speaking to experts around the world."

Cooper e-mailed a copy of the worm to Bruce Hughes, a manager in TruSecure's Internet Computer Security Association (ICSA) antivirus testing lab, dubbed "Death Row."

After being awakened by Cooper's phone call, Hughes drove to the lab in Carlisle, Penn., and got busy infecting several of its 165 computers with the worm to see how it operates, Cooper said.

KNEW HOW TO STOP IT

Cooper sent out his first Code Red II advisory to the NTBugTraq email list around 11:30 p.m. EDT on Saturday and another one at 5:20 a.m. EDT on Sunday, around the time the group was finally calling it a night.

"We had it pretty well sussed out at that point," he said. "We knew what it could do and how to stop it."

Other efforts to dissect and analyze the worm were going on at the same time.

[...]