IP: Officials Fight 'Code Red' Attack

[David Farber <dave () farber net>]

> Would be easier and better to have fought the problem when the software 
> was designed. It is hard to retrofit security into existing systems.


Dave

ps published in full due to severity of the problem

> Officials Fight 'Code Red' Attack
>
> By THE ASSOCIATED PRESS
>
>
>
> Filed at 4:53 p.m. ET
>
> WASHINGTON (AP) -- In an unprecedented show of force against an
> extremely virulent Internet attack, government and private
> officials on Monday will implore worldwide organizations to protect
> themselves from the ``Code Red'' worm.
>
> Representatives from the White House, FBI, Microsoft (news/quote)
> and others have decided to take the step in the face of one of the
> largest ever dangers to the Internet. The worm, similar to a virus,
> could cause widespread slowdowns and sporadic outages.
>
> ``The Internet has become indispensible to our national security
> and economic well-being,'' said Ron Dick, head of the National
> Infrastructure Protection Center, an arm of the FBI. ``Worms like
> Code Red pose a distinct threat to the Internet.''
>
> Along with posting various warnings on their Web sites, government
> officials and representatives from Microsoft were holding a news
> conference Monday afternoon to publicize their efforts.
>
> The government routinely works with private companies to issue
> warnings about new hack attacks and viruses, but never before have
> they made such a high-profile stand.
>
> While the actual infection rate is unknown, it is believed to be in
> the hundreds of thousands of Internet-connected computers. In just
> the first nine hours of its July 19 outbreak, it infected more than
> 250,000 systems.
>
> The officials are frustrated that even though a software
> inoculation was made available over a month before the worm's first
> attack, many computers are still defenseless. The patch, which will
> protect computers, can be found on Microsoft's Web site.
>
> The worm defaces Web sites with the words ``Hacked by Chinese.''
> While it doesn't destroy data, it could be modified to do so. At
> least two mutations have already been found.
>
> Code Red exploits a flaw discovered in June in Microsoft's Internet
> Information Services software used on Internet servers. It is found
> in Windows' NT and 2000 operating systems.
>
> Only computers set to use the English language will have their Web
> pages defaced. From the first through the 19th of every month, the
> worm spreads. From the 20th on, it attacks the White House Web
> site, trying to knock it offline.
>
> The White House took precautions against it, changing its numerical
> Internet address to dodge the attack.
>
> Even though the target has moved, the infected computers will still
> launch their attack. This, officials said, could slow down the
> Internet causing sporadic but widespread outages.
>
> Last week, the Pentagon was forced to shut down public access to
> all of its Web sites temporarily to purge and protect them from the
> Code Red worm.
>
> Because Code Red spread so quickly, security companies have not
> been able to figure out who wrote and released it.
>
> Code Red also can damage smaller networks by affecting a certain
> type of Internet routers, made by Cisco Systems (news/quote), used
> for data traffic control.
>
> Steve Lipner, head of Microsoft's security response center, said
> the company is looking for new ways to distributing patches more
> efficiently.
>
> The government relies on Microsoft and other technology companies
> to secure everything from defense networks to financial systems.
>
> ``The protection of the Internet requires a partnership with the
> government, private companies and the public as a whole,'' NIPC's
> Dick said.
>
> ^------
>
> On the Net:
>
> National Infrastructure Protection Center:
> http://www.nipc.gov
>
> Microsoft Security Patch:
> http://www.microsoft.com/technet/security/bulletin/MS01-033.asp
>
> Code Red technical data: http://www.digitalisland.net/coderedalert
>
>
> http://www.nytimes.com/aponline/technology/AP-Code-Red-Worm.html?ex=997466980&ei=1&en=445f11edd0b5530f
>
> /-----------------------------------------------------------------\
>
>
> Visit NYTimes.com for complete access to the
> most authoritative news coverage on the Web,
> updated throughout the day.
>
> Become a member today! It's free!
>
> http://www.nytimes.com?eta
>
>
> \-----------------------------------------------------------------/
>
> HOW TO ADVERTISE
> ---------------------------------
> For information on advertising in e-mail newsletters
> or other creative advertising opportunities with The
> New York Times on the Web, please contact Alyson
> Racer at alyson () nytimes com or visit our online media
> kit at http://www.nytimes.com/adinfo
>
> For general information about NYTimes.com, write to
> > help () nytimes com.
>
> Copyright 2001 The New York Times Company



For archives see: http://www.interesting-people.org/