Code Red Goes The Way Of Y2K
beanerspace writes: "In spite of Michael Hyatt-like hype, the Washington Post now reports that the 8pm EST deadline for the Code Red worm came and went without grinding the internet to a halt. Darn, I was sorta hoping it would so I could take the day off and go fishing." Why is it that Code Red gets the trumpets and klaxons, while Sircam continues to spread private documents(!) with considerably less attention? Update: 08/01 03:41 PM by T : On the other hand, incidents.org's graph shows a different picture of Code Red's progress, as several readers have pointed out. That's a pretty little curve there, isn't it?
The trick is that so many of the so-called experts misunderstood the nature of the worm.
Once the worm went dormant, it stays dormant. So all of the worm infections that were out there as of July 19th were not a threat.
What is a threat is the possibility of the worm beginning to spread again, which is exactly what is happening. Within the past few hours, attempts have increased...too recently for the media to have picked up on it yet, but it is happening, the growth rate is exponential, just like July 19th, and it will get to be a significant problem within a matter of hours.
So Cringley was somewhat right...while the systems with their clocks set wrong aren't inherently any greater of a danger than any other...they did allow the worm to go back into spread mode and become widespread again.
Jeff
For those of you who like pretty graphs, look at CAIDA's nearly-live graphs: [normal scale] [logarithmic scale]
At the beginning of this month, Code Red is supposed to start out with about 200,000 existing infected, unpatched machines and grow from there
:)
This was proven to be untrue by the 31st. I scored a 5, Insightful mentioning this on July 23rd, but by the end of the month the security firms had tried repeatedly to move clocks forward and to get the worm to reawaken, but it *never did*. Therefore, all the hype was unwarranted with respect to 8PM ON TUESDAY, TUESDAY TUESDAY!!
During the first infection it took 6 days to get to 359,000 hosts, not 12 hours like CNN would say. If you check incidents.org, you'll see that 22,000 new infections have already happened by 11am ET on the 1st. While it's not as bad as you and I thought it was going to be.. restarting with 200,000 infected hosts, it is BY NO MEANS over.
Please, people, do NOT jump the gun, comparing this to Y2K. Besides, I think all the media coverage helped thwart all the Y2K problems, but that's for another post.
Intelligent Life on Earth