Information Security News mailing list archives

Worm carries larger warning


From: InfoSec News <isn () c4i org>
Date: Wed, 1 Aug 2001 04:47:46 -0500 (CDT)

http://www.fcw.com/fcw/articles/2001/0730/web-worm-07-31-01.asp

By Diane Frank 
July 31, 2001

Federal computer security experts are using the Code Red computer worm
to raise agency executives' awareness that a formal process is needed
for fixing problems that make systems vulnerable to such attacks.

The worm is poised to spread anew starting at 8 p.m. EDT today, when
it will begin to infect Web servers to use them in a denial-of-service
attack on the White House Web site.

Microsoft Corp. has several software patches available on its Web site
to fix the vulnerability that the worm exploits. The Federal Computer
Incident Response Center (FedCIRC), the National Infrastructure
Protection Center and many private-sector organizations also have
issued alerts with details on the problem and how to fix it.

But while many of those organizations are focused on raising awareness
of this specific worm, FedCIRC is using the opportunity to take
awareness a step further.

"The intention is to send it not just to the techie people, but to let
the senior management at the CIO level and higher know that this could
be a significant problem...but also that this needs to be put on their
plate because it's their responsibility," said Sallie McDonald,
assistant commissioner of the General Services Administration's Office
of Information Assurance and Critical Infrastructure Protection, which
oversees FedCIRC.

FedCIRC regularly sends out technical alerts and information to
federal systems administrators and information security officers, but
rarely to agency chief information officers. But the center has been
moving past that to provide more "English language" warnings for
agency administrators, up to and including the deputy secretaries and
agency heads, McDonald said.

FedCIRC is using its warnings to push an initiative that the CIO
Council and the Office of Management and Budget endorsed last October
after the ILOVEYOU virus hit government systems. In a memo to agency
heads, the council and OMB encouraged agencies to set up a formal
process to report to FedCIRC whether the latest software patches have
been received by the correct agency officials and whether the patches
are correctly put in place.

FedCIRC is developing a new system to help agencies receive and report
on such patches. In August, the center plans to release a request for
proposals for an automatic patch dissemination system, McDonald said.
Using that system, agencies can set up a profile of the operating
systems and applications on their networks, and then have only the
patches for those configurations sent to them for installation.

The initial attack of the Code Red worm this month took advantage of a
vulnerability in Microsoft's Windows NT or Windows 2000 and IIS 4.0 or
5.0. It is now set to start infecting Web servers again and will
continue to look for other hosts until Aug. 19.

Once a system is infected, the worm will direct it to launch a
distributed denial-of-service attack on the White House Web site's
Internet Protocol address between Aug. 20 and Aug. 27.

The White House countered the July attack simply by changing its IP
address by one digit.



-
ISN is currently hosted by Attrition.org
