Code Red Goes The Way Of Y2K

beanerspace writes: "In spite of Michael Hyatt-like hype, the Washington Post now reports that the 8pm EST deadline for the Code Red worm came and went without grinding the internet to a halt. Darn, I was sorta hoping it would so I could take the day off and go fishing." Why is it that Code Red gets the trumpets and klaxons, while Sircam continues to spread private documents(!) with considerably less attention? Update: 08/01 03:41 PM by T : On the other hand, incidents.org's graph shows a different picture of Code Red's progress, as several readers have pointed out. That's a pretty little curve there, isn't it?

It's only just started!

[Dr_Cheeks]

Code Red propagates itself throughout the month until somewhere near the end (19th, IIRC) when it starts to attack whitehouse.gov.

Remember; there was no major problem with Code Red until it was almost time for it to attack last time around because it hadn't infected enough hosts. This is not yet over and will get progressively worse throughout the month.

That is, of course, assuming that Gibson was right yesterday when he said it will still be active....

And don't start hyping sircam - I'm enjoying reading private documents ; )

Billions of dollars spent...

[tonywestonuk]

And nothing happens!! - So, this means it was a waste of time/money patching up the servers then? As with Y2k, If the time/money wasn't spent sorting out the systems, things could have been as predicted.

Re:I don't know about you

[mike_the_kid]

This is not really a joke, though some will see it as MS bashing:

Code Red would have started with about 200,000 existing infected machines, except that:

• How many of those upatched 2000 / NT boxes do you think have been up for the whole time since the worm went into remission? Remember rebooting will remove the worm from memory (though you would probably eventually be reinfected.)
  
• If any 2000 box is not being kept up to date on its patches and is running IIS, what do you think its uptime is going to be like? I say not good.
  

It will not stop the worm from growing, but it will play a role in controlling the code red.

If this incarnation of the worm were really malicious, it would try more than 100 addresses. (though incident.org said that the rng in the latest version is stronger). A relatively benign worm like this is better for the weak sysadmins in the long run, because otherwise they would not have known of this relatively simple security hole.

But what about the media?

[Aerog]

The question is, why is it that Code Red was trumpeted as the "End of the entire Internet as It Is", with no mention that it only affects MS IIS servers. The news story I heard made no mention of the systems affected, simply summarizing it as "Webservers everywhere". No, this isn't intended to be Microsoft-bashing, but what would have been the situation had it gone off and the world realized that only a certain server configuration was affected? Would that have been glossed over in the same way that the vulnerablilty was?

It's just like Y2K. It's a problem that is basically centred around a specific flaw that is NOT present in all computers, yet trupmeted by the media as "The Be All and End All" of computer problems "destined to destroy our information-superhighway society". Yet, when you look into it, it's not as large as it's supposed to be. Could this be the reason that the vast majority of the population is afraid to click the mouse too fast in fear that they "break" their computer?

Re:Affects more than just IIS servers

[daviddennis]

Yes, but you can bet it would be a horrible public relations disaster for Honda.

This deserves to be the same for Microsoft, for exactly the same reason.

D

Affects more than just IIS servers

[CausticPuppy]

How about this (admittedly cheesy) analogy...
Say there's some bug that causes all Hondas on the road to stop running. It only infects Hondas though. But that sure would create a traffic mess for everybody, including those that don't drive Hondas.
Now if thousands of IIS servers are clogging your ISP's routers, your Apache server would seem really slow to anybody trying to access it, if they can get there at all.