dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


Red Rock Eater: "Code Red" Roundup

Aug 01, 2001, 23:29 (13 Talkback[s])
(Other stories by Phil Agre)
From:   Phil Agre 
Subject: [RRE]"code red" worm
Date:   01 Aug 2001 14:53:56 -0700      

If you want to watch the spread of the "Code Red" worm, here are the
URL's you need.  The bottom line is that it is definitely out there
and spreading exponentially, it may be capable of matching the extent
of the last outbreak, a new version is capable of spreading much more
quickly, the exponential growth may be leveling off, but it will be
a week before anybody knows anything for sure, and so long as there
remain large numbers of unfixed servers, there is nothing to prevent
any of endless thousands of individuals from releasing an even more
sophisticated worm that fixes the remaining obvious mistakes in the
one that's circulating now.  That said, there has been a whole lot
of uninformed panic caused by (among other things) inaccurate reports
that all Windows NT and Windows 2000 machines are at risk of infection.
Only machines running Microsoft's IIS server program are at risk, and
only some of them, and only if they haven't been patched and I suppose
power cycled.  At the same time, everyone is at risk of a bad day if
either the worm's probes or its later DDOS attacks clog up the net or
crash routers.


Code Red Status
(heavy load on this site is making it slow to respond)
http://www.incidents.org/

"Code Red" growth
(the drop at 17:30UTC was caused by their own defenses against the traffic)
http://www.caida.org/analysis/security/code-red/aug1-live-hosts.gif

log-scale version of the graph showing its nice exponential growth
http://www.caida.org/analysis/security/code-red/aug1-live-hosts-log.gif

Rolling 24-hour Latency, Packet Loss, and Reachability
(showing no dramatic effects yet)
http://average.miq.net/


Here are today's news reports in reverse chronological order.

Code Red May Be Picking Up Speed
http://news.cnet.com/news/0-1003-200-6738969.html

Code Red Update -- The Worm Movement Continues
http://www.nipc.gov/pressroom/pressrel/cred2.htm

"Code Red" Effects Go Undetected
http://www.washingtonpost.com/wp-srv/aponline/20010801/aponline001140_000.htm


Here are some relevant documents that I didn't include in earlier mailings.

Code Red Threat FAQ
http://www.incidents.org/react/code_red.php

Cisco Security Advisory: "Code Red" Worm
http://www.cisco.com/warp/public/707/cisco-code-red-worm-pub.shtml

end

Related Stories: