Vocalist.org archive


From:  sopran@a...
Date:  Mon Jul 30, 2001  11:58 pm
Subject:  OFF: Code Red worm could slow Internet traffic tomorrow


This is from the AOL news site.

Judy

Officials Warn of 'Code Red' Internet Threat

By Deborah Zabarenko
Reuters

WASHINGTON (July 30) - The fast-spreading ''Code Red'' Internet worm, which
disrupted U.S. government Web sites last week, is likely to start multiplying
again on Tuesday and could slow the Internet worldwide, officials said on
Monday.

Code Red, which first surfaced in mid-July, is expected to re-emerge at 8
p.m. EDT on Tuesday, according to the FBI's National Infrastructure
Protection Center (NIPC) and other online security watchers.

''There is reason for concern that mass traffic associated with the worm's
propagation could degrade the overall functioning of the Internet and impact
ordinary users,'' said NIPC Director Ronald Dick at a news conference.

Computers running the Windows NT or Windows 2000 operating systems and
Microsoft's Internet Information Server (IIS) software version 4.0 or 5.0 are
vulnerable to infection and the users should install a software patch.
Instructions for the patch are available at www.digitalisland.net/codered.

Computer users running Windows 95, Windows 98 or Windows Me are less
vulnerable, and no action was recommended for them.

For infected computers, turning the machine off and then on gets rid of the
worm but does not provide immunity from future infection.

Code Red was first noticed in mid-July and appeared to spread most virulently
on July 19, but has been largely dormant since about July 23, experts from
industry and government said at the news conference to publicize the software
patch.

The worm was expected to strike again on Tuesday evening at the hour
corresponding to the first instant of Wednesday, August 1, based on so-called
universal time, which is the same as Greenwich Mean Time.

The worm, named for a caffeinated soft drink favored by computer programmers,
works by installing itself on server computers that then are instructed to
blitz government Web sites and others with data, which can slow them down.

UNCONTROLLED GROWTH, WIDESPREAD OUTAGES

''What makes this one different from any other is how dramatically ... it has
been able to propagate itself and the viciousness associated with that,''
Dick said.

The worm can also deface sites, though in two of the three known variants, no
vandalism is apparent to computer users. In last week's hits, some U.S.
government sites showed the message ''Hacked by Chinese.''

It scans the Internet, looking for other computers to infect, and as more and
more computers are infected the scanning gets more widespread.

''This uncontrolled growth in scanning directly decreases the speed of the
Internet and can cause sporadic but widespread outages among all types of
systems,'' the online security watchers said in a joint statement.

The version of Code Red that could hit on Tuesday ''has mutated so that it
may be even more dangerous,'' the statement warned. ''This spread has the
potential to disrupt business and personal use of the Internet for
applications such as electronic commerce, e-mail and entertainment.''

The warning was posted by Microsoft Corp., the FBI center, Carnegie Mellon
University's Computer Emergency Response Team (CERT) and other groups.

While the White House Web site managed to avoid disruption when the worm
surfaced on July 19, the Pentagon temporarily cut off public access to
hundreds of its Web sites on July 23 to guard against it. Public access was
restored to the Defense Department sites on July 24.

Dick noted that on July 19 alone the worm had infected more than 250,000
computer systems in just nine hours and it was estimated it could affect
500,000 Internet addresses in a day.

INVESTIGATING SOURCE OF CODE RED

He said the source of the worm was being investigated, but said it was up to
the users of the Internet to take the measures needed to secure the net from
such attacks.

''For us to have a safe Internet the public at large has to institute
appropriate security measures, of downloading appropriate fixes to various
products, making sure that their anti-virus software is continually
updated,'' he said.

The worm enters computers when users try to access a Web page, said Roman
Danyliw, an Internet Security Analyst at CERT.

''It comes in over the same exact channel that you would use to request a
page,'' Danyliw said in a telephone interview from Pittsburgh. ''It's going
to a particular Web server, it talks the same language that your browser
would be, but this time it inserts this malicious payload, this thing that's
going to cause the particular server to be infected.''

It does this by exploiting a vulnerability in the IIS software, he said.

Russ Cooper of security services company TruSecure Corp. said Code Red is
''huge'' compared to the Melissa and ILoveYou viruses.

Code Red is ''enough to cause the meltdown of the Internet,'' Cooper told
Reuters. ''Whether your machine is vulnerable or not, if 300,000 machines all
try and send you 8 kilobytes of data, you won't be able to use the Net in the
process.''
