WISH THEY'D MAKE UP THEIR MINDS - Code Red was never a threat


BBC
Thursday, 2 August, 2001, 10:22 GMT 11:22 UK
Code Red 'was never a threat'
By BBC News Online technology correspondent Mark Ward

The Code Red virus was never a danger to the internet, despite predictions to the contrary by the FBI and security experts.

The disruption of the net initially blamed on the worm was actually caused by a Baltimore tunnel fire which melted key net cables and left many web companies struggling to swap data.

Net monitoring firm Keynote said analysis showed that even when Code Red was at its most rampant last month it had almost no effect on net traffic.

Now anti-virus companies are worrying that the hype could mean people become complacent and do nothing about the continuing security problems plaguing the net.

By 1500 GMT on Thursday, the worm had infected 244,727 computers, though it has caused no noticeable disruption to the internet.

Any potential threat appears to be tailing off as the rate of infection has slowed down.

Train crash not net crash

A coincidence is to blame for all the hype and horror associated with the Code Red worm.

On 18 July just as Code Red was starting to scan for vulnerable web servers, a CSX train carrying hazardous materials was derailed in the Howard Street tunnel in Baltimore.

The derailment and subsequent fire severed cables running through the tunnel used by seven of the biggest net service providers to swap data.

These companies started reporting disruption to the usual running of the net just as Code Red was hitting its stride, leading many people to assume that the worm was doing the damage.

Analysis by Keynote has shown that even at its height, Code Red posed no threat to the running of the net.

"The 19 July Internet Slowdown was NOT due to the worm," it said bluntly in a statement.

"There was no exponential ramp-up of performance degradation during the day or preceding days that would have coincided with the proliferation of the worm," it said, "but a sudden spike in performance that coincided with the time of the train wreck."

Similarly when the worm started scanning again yesterday it did not disrupt the working of the internet.

"We see no significant performance changes on either high or low bandwidth connections, or internationally," said Keynote.

Hype not havoc

Now that the dust is settling some anti-virus and security companies are worrying that the unfulfilled predictions of doom will harm efforts to make the net harder to compromise.

"There's been more hype than havoc," said Graham Cluley of anti-virus company Sophos.

"There will be some people that did not patch themselves earlier and say now they do not have to bother."

The blame for the hype has been laid squarely at the door of the US National Infrastructure Protection Centre which, said Mr Cluley, has a history of making predictions that have not come true.

In the past the NIPC has wrongly predicted that the Y2K bug would be followed by a wave of destructive viruses.

In May it predicted that Chinese hackers were about to wreak havoc on US websites, again a prediction that did not come true.

'Ineffective'

In May the US General Accounting Office issued a report which concluded that the NIPC was "ineffective" when it came to protecting the US against virus and hacking outbreaks and does a poor job of prosecuting hackers.

David L Smith, the self-confessed author of the Melissa virus, was caught with the help of the NIPC in December 1999. He has pleaded guilty but has yet to be sentenced.

Last month a US Senate panel criticised the NIPC and said it had not got any better at its job since the GAO report was issued.

But, said Mr Cluley, just because the Code Red worm had not wrought havoc people should not assume that there is no danger and they should not do more to protect web servers and their home computers.

"There is still a big problem to be solved," he said.

Figures collected by the Computer Emergency Response Team, which monitors threats to the internet, show how attacks on the web are escalating.

In the whole of 2000 Cert issued warnings about 1,090 vulnerabilities, yet in the first six months of 2001 it has already seen evidence for 1,151 vulnerabilities.

-- Anonymous, August 02, 2001

