Slashdot Mirror


Code Red Goes The Way Of Y2K

beanerspace writes: "In spite of Michael Hyatt-like hype, the Washington Post now reports that the 8pm EST deadline for the Code Red worm came and went without grinding the internet to a halt. Darn, I was sorta hoping it would so I could take the day off and go fishing." Why is it that Code Red gets the trumpets and klaxons, while Sircam continues to spread private documents(!) with considerably less attention? Update: 08/01 03:41 PM by T : On the other hand, incidents.org's graph shows a different picture of Code Red's progress, as several readers have pointed out. That's a pretty little curve there, isn't it?

14 of 407 comments

  1. Re:white house by pcurran · · Score: 2, Insightful

    I agree completely that the political aspects of code red have gotten it a lot more media hype. But aside from just the "attack" on whitehouse.gov, what about that "Hacked by Chinese" defacement that was (is?) supposed to be popping up all over the place? The US media loves a good story about those darned Chinese. I think that this may have helped the hype along as well. BTW, has anyone actually seen one of these defacements?

  2. Perhaps if they had researched... by JodoKaast · · Score: 2, Insightful

    ...the Code Red worm, the poster of this story would know that there was no threat of it bringing the net to a standstill today. The real killer day will be on the 20th of this month, when the worm goes from infection mode to DDoS mode. And with 18 MORE days of infection than the one last month (with 300000+ servers compromised) had, I think it is generally assured that the net will slow its ass down. If the DDoS attack is pointed at a valid target this time...

  3. Oh, but the price! by haapi · · Score: 2, Insightful

    I kind of have to quibble about the 1.2 Billion dollar "price-tag" attributed to Code Red. Any money spent patching software is money that was required to be spent ANYWAY. If your server maintenance is out-sourced, it is that company's responsibility to patch 'em, and then bill you for it, and you pay it because that is what it takes to put a server on the Internet. 'Nuff said.

    --
    Well, apparently, you only have to fool the majority of people for a little while.
  4. Re:No, let it blow! by Zico · · Score: 2, Insightful

    The patch was available for a month before Red Code struck, so how does this show how irresponsible Microsoft is compared to worms that have hit other operating systems? Why has Linux been struck with worms of its own? Does that mean a "closed source, NDA distribution model" is superior, then? Besides, just like with desktops, most web servers on the internet run Windows, so it's not too surprising that more of them get attacked, especially since not only are there more, they're usually used for more important data/applications, especially when it comes to e-commerce.

  5. Re:Incidents.org mini-mirror by baptiste · · Score: 3, Insightful
    Well, be careful - the top table says 'Hosts Infected' which I take to mean 48,489 NEW hosts were infected that hour (the next hour is up and it's like 52,273 for 14:00-15:00 EDT)

    Why? The table below shows 115,568 hosts infected today. Funny part is the #'s don't add up - if you add the # of hosts for each hour in the table above you get close to 200K, not 115K - makes no sense at all.

    Actually, my guess is the top table shows how many infected hosts were SEEN during that hour and the table below highlights the total # of unique IPs infected since the start of the day?

  6. It's only just started! by Dr_Cheeks · · Score: 4, Insightful
    Code Red propagates itself throughout the month until somewhere near the end (19th, IIRC) when it starts to attack whitehouse.gov.

    Remember; there was no major problem with Code Red until it was almost time for it to attack last time around because it hadn't infected enough hosts. This is not yet over and will get progressively worse throughout the month.

    That is, of course, assuming that Gibson was right yesterday when he said it will still be active....

    And don't start hyping sircam - I'm enjoying reading private documents ; )

  7. Billions of dollars spent... by tonywestonuk · · Score: 4, Insightful

    And nothing happens!! - So, this means it was a waste of time/money patching up the servers then? As with Y2k, if the time/money wasn't spent sorting out the systems, things could have been as predicted.

  8. Re:I don't know about you by mike_the_kid · · Score: 5, Insightful
    This is not really a joke, though some will see it as MS bashing:

    Code Red would have started with about 200,000 existing infected machines, except that:
    • How many of those unpatched 2000 / NT boxes do you think have been up for the whole time since the worm went into remission? Remember rebooting will remove the worm from memory (though you would probably eventually be reinfected.)
    • If any 2000 box is not being kept up to date on its patches and is running IIS, what do you think its uptime is going to be like? I say not good.

    It will not stop the worm from growing, but it will play a role in controlling the code red.

    If this incarnation of the worm were really malicious, it would try more than 100 addresses (though incidents.org said that the rng in the latest version is stronger). A relatively benign worm like this is better for the weak sysadmins in the long run, because otherwise they would not have known of this relatively simple security hole.
    --
    Troll Like a Champion Today
  9. OK - it doesn't add up! [was Re:NEW DATA] by baptiste · · Score: 3, Insightful

    OK - I'm confused. Incidents.org is finally recovering from the /.ing it got this morning. The data on top tracking by hour now says there were 48,489 infected hosts from 1-2 EDT (up from 41,968 the hour before). But the 'Total Infections Today' in the table below says 99,716. So what gives? If the upper table is showing how many infections happened in a given hour (ie the total isn't 48K, but 48K NEW infections happened), it still doesn't add up. Adding all the hourly totals gives you 177,591 infected hosts, not 99,716. It doesn't make sense....

  10. But what about the media? by Aerog · · Score: 5, Insightful

    The question is, why is it that Code Red was trumpeted as the "End of the entire Internet as It Is", with no mention that it only affects MS IIS servers. The news story I heard made no mention of the systems affected, simply summarizing it as "Webservers everywhere". No, this isn't intended to be Microsoft-bashing, but what would have been the situation had it gone off and the world realized that only a certain server configuration was affected? Would that have been glossed over in the same way that the vulnerability was?

    It's just like Y2K. It's a problem that is basically centred around a specific flaw that is NOT present in all computers, yet trumpeted by the media as "The Be All and End All" of computer problems "destined to destroy our information-superhighway society". Yet, when you look into it, it's not as large as it's supposed to be. Could this be the reason that the vast majority of the population is afraid to click the mouse too fast in fear that they "break" their computer?

    --

    - Relativistic? That's barely Newtonian!
  11. Re:Affects more than just IIS servers by daviddennis · · Score: 5, Insightful

    Yes, but you can bet it would be a horrible public relations disaster for Honda.

    This deserves to be the same for Microsoft, for exactly the same reason.

    D

  12. Code Red...unneeded hype..... by Chanc_Gorkon · · Score: 3, Insightful
    Yeah the problem could have been serious if we all had our heads buried in the ground, but most of us, even the dumb ones have heard about this. In my town they even talked about it on Talk Radio. While I agree that there was some need for a warning/alert, I feel, because of the nature of the virus, there was TOO much hype.

    Ever hear the weather service worry about issuing a warning when one was not needed? You do. Why do they worry about it? The answer is because when a warning REALLY needs to be issued and that F5 tornado IS on the ground, people may lose their life because they ignore the warning. They don't want to risk not issuing a warning, but if there's a possible severe storm heading our way, they want to make sure it's severe before issuing the warning (hence weather spotters, advancing NEXRAD and other things of this sort). If they just issued a warning for every cell that has a possibility of being severe, then the people may dismiss a valid warning.

    Why does this compare to the Code Red thing? If you hype the virus too much, if the attack is benign or doesn't happen, then when a real bad virus hits and spreads across the net, the people will ignore it and open the stupid attachment or not patch the computer. The media needs to start being responsible and until the media becomes less liberal and less concerned about getting ratings, we will have to live with over hypeness such as Y2K and the Code Red. And when the big one comes, because the media cried wolf so many times, the un-thinking populace will suffer. Also, there were people worrying about their PeeCee's at home when this thing has no danger to the common schlub running Windows 98 or ME. The worst that can happen to them is they have no access or slow access to the internet. The common schlub cares more about the price of gas on the corner than if his internet connection works. (I on the other hand would be freakin! ;) )

    --

    Gorkman

  13. When are virus/worm writers going to get serious? by Colin+Smith · · Score: 3, Insightful

    I mean, these DOS attacks are not really all that damaging. If you want to cause some damage then you alter a few words in word files and web pages, change a few numbers in spreadsheets and databases every few days.

    Data *corruption* is far more damaging than blitzing a server or formatting a hard disk. It's where the real danger lies.

    You DOS a server, they move it to a different address. You format a hard disk, they restore from last night's backup, but if you modify a couple of files here or there and if you reset the modification date then they won't even notice until all the backups are corrupt as well.

    They now have to check *every* document, spreadsheet and database by hand to see if it's been modified and then try to find an unmodified version in the backup. It could get very nasty if the documents/spreadsheets/databases have *also* been updated legitimately in the meantime, mixing legitimate information with junk.

    So, I'm not worried about files being deleted or servers being DOSd. I have backups, I can move servers, it's a minor inconvenience at worst.

    I'm worried about trojans/worms which search boxes and *change* information.

    --
    Deleted
  14. Affects more than just IIS servers by CausticPuppy · · Score: 5, Insightful

    How about this (admittedly cheesy) analogy...
    Say there's some bug that causes all Hondas on the road to stop running. It only infects Hondas though. But that sure would create a traffic mess for everybody, including those that don't drive Hondas.
    Now if thousands of IIS servers are clogging your ISP's routers, your Apache server would seem really slow to anybody trying to access it, if they can get there at all.

    --
    -CausticPuppy "Of all the people I know, you're certainly one of them." -Somebody I don't know