Here's a brief primer on buffer overflows, which may be useful
for those learning a little about how Code Red works bonus link to
the colorfully titled "F*** you, Code Red," a brief survey of
Linux/open source enthusiasts' reactions to the worm: a Linux box
running Apache provides a box seat to the show:
"A buffer overflow occurs when someone inputs more data
into a field than that field expects. The text that spills over can
then be executed on the computer. "In layman's terms, it means your
toilet's stopped up and there's stuff everywhere," explained Fred
Stangl, an independent software developer in Langhorne, Pa.
According to the Computer Emergency Response Team, more than 50
percent of the vulnerabilities found in operating systems are due
to buffer overflows, and many are attributable to Microsoft
technology.
Microsoft's software was developed for desktops, where buffer
overflows are a minor problem. But with the same desktops now
attached to the Internet, the problems can leave a gaping hole for
hackers to climb through, critics say."
"Geeks are curious folk, so its no surprise they are
examining Code Red and considering the possibilities; no matter
that it is a Windows problem. It is an equal opportunity visitor,
knocking on all doors. When it shows up, some hackers can't help
but grab it and inspect closely.
Some people are starting to share their observations about the
worm that infects systems running Windows 2000 or IIS. "I set up
apache on my home machine to count the attempts. What is
interesting is that within 10 seconds of starting apache and tail
-f'ing the access_log, I had 1 attempt. Now suppose I was setting
up a Win 2000 machine from the install CD. Chances are I (and
probably most new installs) would be infected before they have a
chance to patch the system," wrote one LUG list participant.
Collectors of Code Red-infected IPs are also noticing certain
broadband ISPs are getting hit hard. Understandably, the worm seems
to travel fastest within its own IP block, which could cause big
problems for cable networks. In fact, subscribers to broadband are
starting to get letters like this one from the Road Runner system
in Tampa Bay, Fla.:"