Blaziegirl
7-31-01, 08:38 PM
'Code Red' Internet Worm Expected to Strike Again

By Deborah Zabarenko
Reuters

WASHINGTON (July 31) - The "Code Red" Internet worm was likely to launch a new strike on the world's computer systems late Tuesday, possibly slowing Internet traffic to a crawl as it proliferates on computer servers worldwide.

The worm, which stealthily gains entry to Web servers when users call up a page, attacks computers running Microsoft Corp.'s Windows NT and Windows 2000 operating systems; Windows 95, 98 and Me users are not generally vulnerable.

For infected computers, turning the machine off and then on gets rid of the worm but does not provide immunity from future infection. The worm previously struck on July 19, apparently causing the White House to take evasive action to protect its Web site, (http://www.whitehouse.gov).

"It's like something out of 'Invasion of the Body Snatchers,'" said Internet security expert Alan Matthews, referring to a science fiction film in which human bodies were taken over by alien life forms.

But Matthews, chief of New York-based Rapid 7, which develops network software security, said most big businesses and organizations were aware of the threat and had already taken precautions, most notably a software patch available at (http://www.digitalisland.net/codered/).

"I think that the problem comes from small business, who have not the skill-set to be able to detect their systems and determine whether they are infected and it's going to take a while," Matthews said in a telephone interview. "It's going to have a half-life of a couple of months."

The worm, named for a caffeinated soft drink favored by computer programmers, installs itself on server computers that then blitz government Web sites and others with data, in an attempt to knock them out of commission.

Code Red also defaces sites, though in two of the three known variants no vandalism is apparent to computer users. In last week's hits, some government sites showed the message "Hacked by Chinese!" but the Chinese government said the worm probably did not come from China.

LOOKING FOR COMPUTERS TO INFECT

The worm scans the Internet, looking for other computers to infect, and as more computers are infected the scanning gets more widespread.

"This uncontrolled growth in scanning directly decreases the speed of the Internet and can cause sporadic but widespread outages among all types of systems," online security watchers said in a warning issued Sunday.

The version of Code Red that could hit Tuesday "has mutated so that it may be even more dangerous," the statement warned. "This spread has the potential to disrupt business and personal use of the Internet for applications such as electronic commerce, e-mail and entertainment."

The critical moment was expected at 8 p.m. EDT, the first instant of Wednesday, Aug. 1 to most of the world's computers, when Code Red is expected to reassert itself. Asians will be starting work when it is set to strike. The worm was first recognized in mid-July, and has been dormant for a week.

The worm takes advantage of a vulnerability in Microsoft's Internet Information Server software that the software giant discovered about six weeks ago, said company spokesman Jim Desler.

Since then, Desler said, the software patch has been downloaded nearly 1 million times, but because one download can serve hundreds or even thousands of computers, it is difficult to determine how many computers had been worm-proofed.

Microsoft's Security Response Center will be running as usual later on Tuesday and early Wednesday, Desler said.

Company officials will be in contact with government officials and Internet watchdogs to monitor the situation, he said by telephone from Microsoft's headquarters in Redmond, Washington.

The National Infrastructure Protection Center, led by the Federal Bureau of Investigation, will be monitoring the situation from its round-the-clock Watch and Warning Unit in Washington.

FBI spokeswoman Debbie Weierman stressed that the Code Red risk applied to ordinary home computer users as well as businesses: "This is not just a corporate problem, it's a citizen problem, not only domestically but globally."

She said any new Code Red advisories will be posted on the center's Web site, (http://www.nipc.gov).

GLOBAL PREPARATIONS

A spokesman for Europe's biggest software maker, SAP AG, said the group had informed its Information Technology service departments of the threat and advised them to upgrade their fortifications against the Code Red worm. But he said the company did not believe the worm would damage SAP's internal servers.

Nokia, the world's largest mobile phone maker, has taken the necessary precautions since first hearing of the threat, company spokesman Tapani Kaskinen said.

Japan's information technology security branch said government ministries had been urged to patch any security holes but that there had been no reports of damage so far.

Australian computer security experts expected little trouble because of advance warning. Swiss authorities said patches had already been applied in most cases. India's National Informatics Center established heightened security.

A spokesman for Russia's Communications Ministry said it was up to companies to protect themselves and said he did not know whether Russian officials had issued a warning.

Cliff Gauntlett, director of Internet services at Golden Telecom, which serves Russia, said Golden's systems were patched and clients alerted.

"Here people tend to take care of themselves more on a daily basis because of the abuse-type situation," Gauntlett said. "The level of hacking in Russia is obviously greater than in the West."

Roemello
8-01-01, 01:36 AM
I heard that was supposed to hit around 8 pm...didn't hit us thankfully :) And since it said it's only hitting NT and Win 2k, home computers should be safe too anyway (unless you use NT or 2k).