Information Security News mailing list archives
Virulent worm calls into doubt our ability to protect the Net
From: InfoSec News <isn () c4i org>
Date: Sun, 29 Jul 2001 04:50:24 -0500 (CDT)
http://news.cnet.com/news/0-1003-201-6658647-0.html?tag=tp_pr

By Rob Lemos
Special to CNET News.com
July 27, 2001, 4:00 a.m. PT

For one moment last week, the Internet stood still.

At midnight Thursday, July 19 GMT, more than 350,000 servers infected with the so-called Code Red worm stopped hammering the Internet with scans searching for vulnerable computers. Instead, the servers targeted an Internet address used as the hub for the White House's public Web site with a denial-of-service attack of such proportions that some feared parts of the Internet would shut down, unable to cope with the unprecedented flood of data.

"If this goes along what it's looking like, parts of the Net will go down," predicted Marc Maiffret, chief hacking officer at network-protection company eEye Digital Security. A month earlier, the Aliso Viejo, Calif., company discovered the flaw exploited by the worm in Microsoft's Web servers and was the first to decode the malicious program.

In the end, a design flaw in the worm's programming stymied the attack, but the potential threat of hundreds of thousands of servers flooding the wires with garbage data has resurrected concerns about security among those who consider themselves the guardians of the Internet.

The Internet was lucky this time, as this particular Code Red program squandered its advantage and left itself vulnerable to security measures. That will not always be the case, said Vern Paxson, staff computer scientist at the Lawrence Berkeley National Laboratory, who analyzed Code Red's quick spread.

"This could have been so much worse," he said.

Worms have become the tool of choice among malicious vandals on the Internet, but the Code Red strain has proven particularly fast and effective in commandeering a significant portion of the Internet. Unlike other worms that hide in e-mail attachments, such as LoveLetter and SirCam, Code Red does not require fooling an unwitting recipient into opening a document.

Paxson said a better author could have clogged the entire Net with garbage data or hit critical parts of the global network with a more effective denial-of-service attack--things that the inevitable variants of this version could still do.

"We are in for bumpy times," he said. "I don't see any way out of that."

[...]

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.