New, nastier Code Red spreads fast

greenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread

New, nastier Code Red spreads fast Bug leaves back door so hackers can break in later; an estimated 400,000 Web servers now wide open to attack By Bob Sullivan MSNBC

Aug. 5 — A new computer worm that acts much like Code Red but packs a much nastier payload began spreading around the Internet over the weekend and has now infected hundreds of thousands of computers. The worm leaves a “back door” in infected systems, making them easy for an intruder to infiltrate later. According to Elias Levy, spokesperson for SecurityFocus.com, an estimated 400,000 computers had been infected by Sunday afternoon — and every one is now defenseless against attack by a computer intruder.

MSNBC

-- Martin Thompson (mthom1927@aol.com), August 05, 2001

Answers

Code Red II computer worm spreads in U.S. computers, affects some Associated Press operations

By D. IAN HOPPER The Associated Press 8/8/01 10:33 PM

WASHINGTON (AP) -- The viruslike Code Red II computer worm has spread this week to affect thousands of home and business computers nationwide. The worm disrupted some Associated Press services delivered by the Internet on Wednesday.

The AP outage did not affect transmission of AP's main news and photo services, which are delivered by satellite.

The worm is a program that scans rapidly for vulnerable computers to infect and overload. It can also quickly affect computers linked to a computer it initially targets.

Telecommunications company Qwest reported spotty outages for users of its high-speed Internet service nationwide. A Qwest spokesman said modems made by Cisco Systems were at fault. The Code Red worms can affect some Cisco hardware.

Home cable modem systems in Virginia and New York have also had slow or no service this week due to the worm.

Microsoft, whose software has the vulnerability that lets the Code Red worms attack, has itself been a victim. The company confirmed Wednesday that some computers running Hotmail -- the software giant's free e-mail service -- were infected by one of the worms.

The computer anti-virus company Symantec Corp. estimated that at least a thousand servers had been infected. The original Code Red worm, which appeared last month, infected about 250,000 computers at its peak. Code Red II also leaves a "backdoor" open that a hacker can use to take over the infected computer.

The worm delayed updates of The WIRE, the AP's news Web site. It also affected a photo service used by smaller newspapers and several specialized sites, including sites for graphics and census information. The disruptions began at about 4 a.m. EDT. Most services were restored by early afternoon.

John Reid, AP's director of communications and technology, said all the infected computers had been "scrubbed" and were being checked to make certain they were secure. About 60 AP servers running Microsoft operating systems were infected, he said.

Both versions of the Code Red worm attack only computers running Microsoft Windows NT or 2000 operating systems, with Internet Information Services installed. Microsoft offers a software patch to protect computers from infection.

http://www.oregonlive.com/newsflash/index.ssf?/cgi- free/getstory_ssf.cgi?a0808_BC_CodeRedWorm&&news&newsflash-washington

-- Martin Thompson (mthom1927@aol.com), August 08, 2001.


Moderation questions? read the FAQ