Switch to MSN internet access
Home page



Code Red still threatens Net
Computers left vulnerable to malicious attack
By Robert Lemos
CNET
VANCOUVER, British Columbia, April 5 — Security researchers presented data on Friday indicating that Code Red version 2, a 9-month-old worm, continues to spread slowly across the Internet, compromising computers and leaving them easily accessible to malicious attackers.

     
     
Advertising on MSNBC
Yellow Pages
Auctions at uBid
Personals Channel
Shopping
Newsletters
Weather

 
 
 
 


 
CNET - The source for computers and technology

        AT PRESENT, MORE than 18,000 systems appear to be infected and, with a simple command, could be coopted into an attack that could take down any Web site, said Dug Song, a hacker and security architect for network protection firm Arbor Networks. Song was speaking at the CanSecWest security conference here.
       “We are mostly concerned with the potential for a major distributed denial-of-service (DDoS) attack using the Code Red servers,” Song said. A DDoS attack uses many computers to send a flood of data at a single target, overwhelming the victim’s connection, effectively cutting the victim off from the Internet.
       Song presented the results of Arbor Networks’ seven months of monitoring a large portion of the Internet. Code Red version 2—a variant of the original Code Red worm that fixed a bug in the program’s infection routines—has infected more than 18,000 computers as of April, up from around 14,000 computers in December, Song said.

       Code Red and its two variants use a security hole in Microsoft’s flagship Web server—the Internet Information Server—to spread to computers that don’t have the vulnerability patched. As servers are infected with Code Red, the worm then scans the Internet using specially formatted data, searching for more vulnerable servers.
       The original Code Red had spread slowly—until the modification—and then flooded the Internet, reaching more than 350,000 servers in less than 24 hours, according to data collected by the Cooperative Association of Internet Data Analysis.
       
WORM SLOWED, BUT NOT STOPPED
       Computer security response teams succeeded in stemming the tide, but weren’t able to eradicate the worm, Song said. In total, Arbor has found more than 5 million unique Internet addresses that appear to have been infected with Code Red in the past six months and another 1.7 million that have been infected with Nimda.
Advertisement

Add local news and weather to the MSNBC home page.


       Today, Arbor’s monitoring system still receives nearly 30 probes by infected Code Red servers every minute, Song said. Nimda, a worm that struck a month after Code Red and borrowed several of its tricks, has also stuck around but appears to be slowly disappearing. The original Code Red, and the third variant known confusingly as Code Red II, have both seemingly died off.
       Alfred Huger, vice president of engineering at vulnerability information firm SecurityFocus, said the company’s own monitoring system also continues to detect both Nimda and Code Red.
        Huger shares Song’s concern that the infected machines can be used as a made-to-order attack network for malicious hackers.
       
"Having that many compromised machines. ...They are just begging to be used in a attack,” Huger said.
        Online vandals, even those without much technical knowledge, could listen to the “noise” on the Internet, collecting a list of infected machines attempting to send data to their computers. Then attackers would use that list and send a simple command to each Code Red-infected computer, and the security-compromised system would do their bidding.
        Solving the problem is not easy, Song said.
        “If we try to shut down the systems, when they are turned on, they will just start spreading the worm all over,” Song said.
       
       Copyright © 1995-2002 CNET Networks, Inc. All rights reserved
       
       
    Link Group Image
Internet Sites Enterprise
Internet Sites E-Business
Internet Sites Communications
MSNBC News The Botox Boom
MSNBC News 'Smile. Relax. Smile. Relax.'
MSNBC News Memo to CEOs: Bigger Isn't Better
MSNBC News Paying Up For Quality Care
MSNBC News MSNBC Cover Page

Internet Sites Media
Internet Sites Personal Tech
MSNBC News Tens of millions of unsold cellphones
MSNBC News Free-flying super telescope proposed
MSNBC News MSN Messenger users at risk
MSNBC News Boeing equips theaters with digital
MSNBC News Sega, ESPN enter video game pact
MSNBC News MSNBC Cover Page

MSNBC News Dow sinks 104 points, Nasdaq drops 46
MSNBC News Rules stretched 'to excess' in Enron audit, witness says
MSNBC News Round of layoffs expected at IBM
MSNBC News Cable-TV firms' digital dilemma
MSNBC News A mixed bag for April retail sales
MSNBC News MSNBC Cover Page

  
     
Infocenter Write Us Newstools Help Search MSNBC News
 
  MSNBC VIEWERS' TOP 10  
 

Would you recommend this story to other viewers?
not at all   1    -   2  -   3  -   4  -   5  -   6  -   7   highly

  
   
 
  Download
  MSNBC is optimized for
Microsoft Internet Explorer
Windows Media Player		  
MSNBC Terms,
  Conditions and Privacy © 2002
   
 
Cover | News | Business | Sports | Local News | Health | Technology | Living & Travel
TV News | Opinions | Weather | Comics
Information Center | Help | News Tools | Jobs | Write Us | Terms & Conditions | Privacy
   
Advertisement
Creative Labs NOMAD Jukebox C Di
Creative Labs NOMAD Jukebox C Di
$219.99
BestBuy.com
Delivery or pick up in store!
More MP3/digital audio players