[infowar.de] IHT 31.7.01: Computer Worm Set to Strike Again
Infowar.de - http://userpage.fu-berlin.de/~bendrath/liste.html
Computer Worm Set to Strike Again
Chris Oakes Special to the International Herald Tribune
Tuesday, July 31, 2001
U.S. and Microsoft Warn Users to Take Up Defense Against 'Code Red'
U.S. government officials, Microsoft Corp., and private security organizations issued an unusually strong warning to Internet users worldwide Monday to protect against a malicious program designed to shower the network with data traffic that could cripple the Net.
Unless hundreds of thousands of affected computers install protective software in time, the aggressive program, known as a "worm," could significantly clog the Internet's information pipes.
As a result, Internet use could be dramatically slowed worldwide, according to the companies and organizations that issued the warning on Monday. Many independent experts, meanwhile, predicted that the global information network may become totally inaccessible in some cases.
Jim Desler, a spokesman for Microsoft - whose Internet software contains the vulnerability that the worm, dubbed "Code Red," exploits - said his only definitive prediction is that the code will begin a renewed round of self-replication and attack on the first day of August. "What it does when it does that remains to be seen," Mr. Desler said. "Its cumulative effect is that it could slow down the Internet worldwide."
Web pages could take longer to load, access from Internet service providers could be interrupted, and e-mail delivery could be halted, experts said.
In a news conference Monday, Microsoft, government officials and industry groups urged computer users to install a software patch necessary to combat the worm's self-propagating distribution among servers connected to the Internet. Information about the fix can be found at http://www.digitalisland.net/coderedalert.
Mr. Desler said Microsoft estimated that half a million users had downloaded the software patch by Monday. But the threat remained that many novice users running Web sites via their home computer may not be aware they have the relevant Microsoft software installed - let alone know about the problem and the patch.
Netcraft, an organization that tracks the types of server software used on the Internet, reports that nearly 6 million computers worldwide run the vulnerable Microsoft server product, contained in Microsoft Windows 2000 and Microsoft Windows NT 4.0.
Experts like Alan Paller, director of research for the System Administration, Networking and Security Institute, or SANS, said most of the servers were probably patched, because they were managed by professional administrators aware of vulnerabilities. The danger lies in the many "Mom and Pop" operations that are running the Microsoft server software.
Russ Cooper, a computer security expert and editor of NTBugtraq, a popular e-mail discussion forum where Windows administrators track system vulnerabilities, sees a "meltdown" of the Internet as a possibility. "We're not just talking about things being slowed," Mr. Cooper said. "We're talking about things being so clogged up that nothing's going anywhere."
The consequences, whatever their scale, should be felt beginning late Tuesday once Code Red has launched itself on enough computers, resulting in an attack categorized as a "Distributed Denial of Service."
On July 19, the White House Web site was a primary target of the worm's first version. Site administrators changed the Internet address, and maintained the site's availability. But now the software has been altered to attack Internet addresses at random, so the resulting impact Internet-wide is expected to be much greater.
"We know that at least 300,000 machines were infected," Mr. Cooper said. "The question is how many have been sanitized and infected since then." Such unknowns make it difficult to gauge how severe Code Red's ultimate impact will eventually be.
Mr. Paller, with the SANS Institute, explained what was unique about Code Red's danger.
"You have the first big infrastructure threat," he said. "This isn't a threat that says, 'I'm gonna cause you personally a problem.' This is a threat that says, 'I'm going to cause the entire Internet a problem - and then all of you get hurt by it.'"
While tempering some of the more dire predictions for the effects, Mr. Paller maintained that the worldwide reach of the worm could be great and its impact felt by many. "This isn't going to take the Internet down but it is going to cause a slowing," Mr. Paller said. "My guess is that there are 2 million machines that could be involved - some people think only a few hundred thousand."
Computers running Microsoft Windows NT or Windows 2000 and Microsoft's Internet Information Server software version 4.0 or 5.0 are vulnerable to infection.
A "hole" in the Microsoft code allows an attacker to commandeer the Web server running the software. The worm can turn the server into a fire hose spraying streams of data onto the Internet and then use it to spread the attack to other computers.
The Code Red worm first infected more than 300,000 computers and disrupted U.S. government Web sites last week.
Because of the ubiquity of Windows 2000 and its built-in server software, many users will not even know they have been compromised, Microsoft warned.
Code Red's rapid spread has so far left security companies unable to figure out who wrote and released it.
Mr. Cooper sees Code Red as a milestone of sorts in virus and worm threats. He said it was the first worm to use Internet servers to attack other Internet servers. Generally, in the past, worms have used e-mail to spread their destructive code.
As for why such potent attacks are becoming more possible, Mr. Cooper said part of it may be reaching a critical mass of vulnerable computers with the right kind of security flaw. "We had to get to that point on the Internet for this kind of thing to work so well," he said.
Mr. Paller of the SANS Institute said the effort Monday was aimed at deadening the attack. "We're hoping that all this noise is going to get a lot of people to fix it."
He compared the situation to Y2K concerns of New Year's Day 2000, when the world's key energy and communications and transport infrastructures were predicted to fail unless preventative action was taken. It was just because of the early publicity, he believes, that disastrous effects were avoided.