At present, more than 18,000 systems appear to be infected and, with a simple command, could be co-opted into an attack that could take down any Web site, said Dug Song, a hacker and security architect for network protection firm Arbor Networks. Song was speaking at the CanSecWest security conference here.

"We are mostly concerned with the potential for a major distributed denial-of-service (DDoS) attack using the Code Red servers," Song said. A DDoS attack uses many computers to send a flood of data at a single target, overwhelming the victim's connection, effectively cutting the victim off from the Internet.

Song presented the results of Arbor Networks' seven months of monitoring a large portion of the Internet. Code Red version 2, a variant of the original Code Red worm that fixed a bug in the program's infection routines, has infected more than 18,000 computers as of April, up from around 14,000 computers in December, Song said.
The original Code Red had spread slowly, until the modification, and then flooded the Internet, reaching more than 350,000 servers in less than 24 hours, according to data collected by the Cooperative Association of Internet Data Analysis.

WORM SLOWED, BUT NOT STOPPED

Computer security response teams succeeded in stemming the tide, but weren't able to eradicate the worm, Song said. In total, Arbor has found more than 5 million unique Internet addresses that appear to have been infected with Code Red in the past six months and another 1.7 million that have been infected with Nimda.
Today, Arbor's monitoring system still receives nearly 30 probes by infected Code Red servers every minute, Song said. Nimda, a worm that struck a month after Code Red and borrowed several of its tricks, has also stuck around but appears to be slowly disappearing. The original Code Red, and the third variant known confusingly as Code Red II, have both seemingly died off.

Alfred Huger, vice president of engineering at vulnerability information firm SecurityFocus, said the company's own monitoring system also continues to detect both Nimda and Code Red. Huger shares Song's concern that the infected machines can be used as a made-to-order attack network for malicious hackers.

Online vandals, even those without much technical knowledge, could listen to the noise on the Internet, collecting a list of infected machines attempting to send data to their computers. Then attackers would use that list and send a simple command to each Code Red-infected computer, and the security-compromised system would do their bidding.

Solving the problem is not easy, Song said. "If we try to shut down the systems, when they are turned on, they will just start spreading the worm all over," Song said.

Copyright © 1995-2002 CNET Networks, Inc. All rights reserved