Nicholas Donovan asks “How much longer
is business going to stand by and continue to pay-out for shoddy
software and be told they’re being done a favor?” Code Red
continues to wreak havoc here and there, and expose some
interesting problems with identifying compromised hosts correctly,
as the Incidents.org site, a Linux-based site, was nearly blocked
by AT&T on the basis of claims that it had a Code Red problem
from ARIS. Readers may also be interested in ‘Code Red III,’
currently reported from
Korea
“A popular Web site for information about the Code Red
worm was nearly shut down Thursday following erroneous reports that
it had been infected with the malicious, self-propagating worm. The
occurrence has raised tempers between two leading security
organizations.Operators of Incidents.org, a site maintained by the SANS
Institute, a security research and education organization, say they
were nearly cut off from the Internet by their upstream Internet
service provider after the ISP, AT&T Business, was notified
that the site was being used to launch Code Red attacks.“AT&T was just about ready to block access to our site,
which would have caused a major disruption of service to us,” said
Matt Fearnow, incident handler for SANS.”