Officials Warn of Internet Threat

http://dailynews.yahoo.com/h/ap/20010729/tc/code_red_worm.html

Sunday July 29 8:55 PM ET

Officials Warn of Internet Threat

By D. IAN HOPPER, AP Technology Writer

WASHINGTON (AP) - In an unprecedented show of force against an extremely virulent Internet attack, government and private officials on Monday will implore worldwide organizations to protect themselves from the ``Code Red'' worm.

Representatives from the White House, FBI, Microsoft and others have decided to take the step in the face of one of the largest ever dangers to the Internet. The worm, similar to a virus, could cause widespread slowdowns and sporadic outages.

``The Internet has become indispensable to our national security and economic well-being,'' said Ron Dick, head of the National Infrastructure Protection Center, an arm of the FBI. ``Worms like Code Red pose a distinct threat to the Internet.''

Along with posting various warnings on their Web sites, government officials and representatives from Microsoft were holding a news conference Monday afternoon to publicize their efforts.

The government routinely works with private companies to issue warnings about new hack attacks and viruses, but never before have they made such a high-profile stand.

While the actual infection rate is unknown, it is believed to be in the hundreds of thousands of Internet-connected computers. In just the first nine hours of its July 19 outbreak, it infected more than 250,000 systems.

The government-funded Computer Emergency Response Team said the worm is predicted to start spreading again Tuesday at 8 p.m. EDT.

``This spread has the potential to disrupt business and personal use of the Internet for applications such as electronic commerce, email and entertainment,'' a CERT advisory warns.

The officials are frustrated that even though a software inoculation was made available over a month before the worm's first attack, many computers are still defenseless. The patch, which will protect computers, can be found on Microsoft's Web site.

The worm defaces Web sites with the words ``Hacked by Chinese.'' While it doesn't destroy data, it could be modified to do so. At least two mutations have already been found.

Code Red exploits a flaw discovered in June in Microsoft's Internet Information Services software used on Internet servers. It is found in Windows' NT and 2000 operating systems.

Only computers set to use the English language will have their Web pages defaced and users of Windows 95, Windows 98 or Windows Me are not affected. For the first 20 days of every month, the worm spreads. From the 20th on, it attacks the White House Web site, trying to knock it offline.

The White House took precautions against it, changing its numerical Internet address to dodge the attack.

Even though the target has moved, the infected computers will still launch their attack. This, officials said, could slow down the Internet causing sporadic but widespread outages.

Last week, the Pentagon was forced to shut down public access to all of its Web sites temporarily to purge and protect them from the Code Red worm.

Because Code Red spread so quickly, security companies have not been able to figure out who wrote and released it.

Code Red also can damage smaller networks by affecting a certain type of Internet router, made by Cisco Systems, used for data traffic control.

Steve Lipner, head of Microsoft's security response center, said the company is looking for new ways to distribute patches more efficiently.

The government relies on Microsoft and other technology companies to secure everything from defense networks to financial systems.

``The protection of the Internet requires a partnership with the government, private companies and the public as a whole,'' NIPC's Dick said.

-

On the Net:

National Infrastructure Protection Center: http://www.nipc.gov

Microsoft Security Patch: http://www.microsoft.com/technet/security/bulletin/MS01-033.asp

Code Red technical data: http://www.digitalisland.net/coderedalert

-- (news@of.note), July 30, 2001

Answers

http://dailynews.yahoo.com/h/nm/20010730/ts/tech_codered_dc.html

Monday July 30 5:31 PM ET

'Code Red' Internet Worm May Hit Again Tuesday

By Deborah Zabarenko

WASHINGTON (Reuters) - The fast-spreading ``Code Red'' Internet worm, which disrupted U.S. government Web sites last week, is likely to start multiplying again on Tuesday and could slow the Internet worldwide, officials said on Monday.

Code Red, which first surfaced in mid-July, is expected to re-emerge at 8 p.m. EDT on Tuesday, according to the FBI's National Infrastructure Protection Center (NIPC) and other online security watchers.

``There is reason for concern that mass traffic associated with the worm's propagation could degrade the overall functioning of the Internet and impact ordinary users,'' said NIPC Director Ronald Dick at a news conference.

Computers running the Windows NT or Windows 2000 operating systems and Microsoft's Internet Information Server (IIS) software version 4.0 or 5.0 are vulnerable to infection and the users should install a software patch. Instructions for the patch are available at www.digitalisland.net/codered.

Computer users running Windows 95, Windows 98 or Windows Me are less vulnerable, and no action was recommended for them.

For infected computers, turning the machine off and then on gets rid of the worm but does not provide immunity from future infection.

Code Red was first noticed in mid-July and appeared to spread most virulently on July 19, but has been largely dormant since about July 23, experts from industry and government said at the news conference to publicize the software patch.

The worm was expected to strike again on Tuesday evening at the hour corresponding to the first instant of Wednesday, August 1, based on so-called universal time, which is the same as Greenwich Mean Time.

The worm, named for a caffeinated soft drink favored by computer programmers, works by installing itself on server computers that then are instructed to blitz government Web sites and others with data, which can slow them down.

UNCONTROLLED GROWTH, WIDESPREAD OUTAGES

``What makes this one different from any other is how dramatically ... it has been able to propagate itself and the viciousness associated with that,'' Dick said.

The worm can also deface sites, though in two of the three known variants, no vandalism is apparent to computer users. In last week's hits, some U.S. government sites showed the message ``Hacked by Chinese.''

It scans the Internet, looking for other computers to infect, and as more and more computers are infected the scanning gets more widespread.

``This uncontrolled growth in scanning directly decreases the speed of the Internet and can cause sporadic but widespread outages among all types of systems,'' the online security watchers said in a joint statement.

The version of Code Red that could hit on Tuesday ``has mutated so that it may be even more dangerous,'' the statement warned. ``This spread has the potential to disrupt business and personal use of the Internet for applications such as electronic commerce, e-mail and entertainment.''

The warning was posted by Microsoft Corp., the FBI center, Carnegie Mellon University's Computer Emergency Response Team (CERT) and other groups.

While the White House Web site managed to avoid disruption when the worm surfaced on July 19, the Pentagon temporarily cut off public access to hundreds of its Web sites on July 23 to guard against it. Public access was restored to the Defense Department sites on July 24.

Dick noted that on July 19 alone the worm had infected more than 250,000 computer systems in just nine hours and it was estimated it could affect 500,000 Internet addresses in a day.

INVESTIGATING SOURCE OF CODE RED

He said the source of the worm was being investigated, but said it was up to the users of the Internet to take the measures needed to secure the net from such attacks.

``For us to have a safe Internet the public at large has to institute appropriate security measures, of downloading appropriate fixes to various products, making sure that their anti-virus software is continually updated,'' he said.

The worm enters computers when users try to access a Web page, said Roman Danyliw, an Internet Security Analyst at CERT.

``It comes in over the same exact channel that you would use to request a page,'' Danyliw said in a telephone interview from Pittsburgh. ``It's going to a particular Web server, it talks the same language that your browser would be, but this time it inserts this malicious payload, this thing that's going to cause the particular server to be infected.''

It does this by exploiting a vulnerability in the IIS software, he said.

Russ Cooper of security services company TruSecure Corp. said Code Red is ``huge'' compared to the Melissa and ILoveYou viruses.

Code Red is ``enough to cause the meltdown of the Internet,'' Cooper told Reuters. ``Whether your machine is vulnerable or not, if 300,000 machines all try and send you 8 kilobytes of data, you won't be able to use the Net in the process.''

-- (news@of.note), July 31, 2001.

