Strategies & Market Trends : Guidance and Visibility
To: 2MAR$ who wrote (7605)
From: $Mogul
7/19/2001 10:47:01 PM
 
Code Red Worm Set to Crash Net TOMORROW


Thousands of infected servers will launch attack on whitehouse.gov Thursday, jamming traffic.


By Tech Live staff
July 19, 2001

The Code Red worm quickly spreading across the Internet is programming infected computers to attack the White House Web domain with a denial-of-service attack Thursday night -- a concerted attack that could slow Net traffic to a crawl, security experts said.

The planned attacks on whitehouse.gov will take place on the 20th day of each month (based on Universal Time) as long as a machine is infected, said Marc Maiffret, chief hacking officer at eEye Digital Security, an Internet security firm that released a detailed analysis of the code.

The Code Red worm is believed to have infected at least 100,000 servers so far. First discovered last Friday, the worm exploits a known security flaw in Microsoft's Web server software.

According to Maiffret, each infected server will send as much as 410MB of data every four hours or so, depending on how many times it's been infected (multiple infections are possible). If thousands of infected machines attack whitehouse.gov at once, the flood of data could bring the Net to its knees, he said.

"If this goes along what it's looking like, parts of the Net will go down," Maiffret said.

Government officials are reportedly reviewing eEye's analysis.

Dubbed Code Red because of evidence suggesting it originated in China, the self-spreading program defaces infected websites and also contains malicious code that could let hackers identify infected servers and take control of them remotely.

Several posters to the popular Bugtraq security mailing list run by SecurityFocus.com have noticed an unintended side effect of Code Red: The worm seems to be crashing some DSL routers and higher-end network routers that direct data around the Internet.

Code Red works by taking advantage of a glitch in Microsoft's Internet Information Server software. The hole, which eEye discovered, allows hackers to take control of computers. Microsoft first disclosed the security hole June 18 and has made a downloadable patch available on its website. More than 6 million servers on the Internet use the software.

But despite Microsoft's efforts to publicize the flaw, many system administrators have failed to download the patch, according to Scott Culp, security program manager for Microsoft's security response center. This slow response has allowed Code Red to infect millions of servers still using unpatched versions of the software, Culp said.

Even servers running Microsoft's own websites aren't immune from Code Red. Webpages on both MSN.com and Microsoft.com were defaced Thursday, the company said.

Microsoft said it is doing a clean install of system software to get rid of the worm. No sensitive information was compromised, but some customers may experience problems upgrading software, Culp said.

"We are encouraging people to install the patch as soon as possible to prevent any further problems," Culp said, although Microsoft is not contacting all of the IIS users in its subscriber list to let them know the urgency of the situation.

Users with infected servers should reinstall system software with the patches included, Culp said, since the worm could have compromised multiple files.

But the worst may not yet be over.

"We believe that there are copycats... variants of the worm that are out there," Culp said. "We can't verify if all the infections are due to this one worm."

