Code Red Reporting That Doesn't Suck
marvin tph writes "The results are in: Time.com is the first mainstream news source to write an intelligent article on the Code Red story. With all the big guys telling people that we've only seen the eye of the storm, it's nice to see someone get it right."
Was the story hyped by newsmakers and others who would benefit from such an event? Probably. Was anyone harmed by the hype? No (unless you count late-night patching). If anything, it got sysadmins everywhere into action to fix a hole that could have resulted in a real problem.
kill_9_1
Consider the following scenario: a new worm, let's call it Code Blue, exploits the same security hole as Code Red. However, rather than attacking randomly any IP address, it would first just sit there and wait. As soon as it got a probe from the original Code Red (which statistically happens about 3 times per hour), it would "fight back" by infecting the attacking machine and replacing Red with Blue. The newly infected machine would behave similarly.
After about 11 hours of propagation, the new worm would have infected a significant percentage of the vulnerable machines, without revealing its presence in an obvious way. It would only attack machines which are known vulnerable (and hence probably badly maintained), and the probability of anybody noticing would be incredibly small. Then, after some twenty hours, it would start to do some fun stuff...
Chris Daylor, in Time, makes a few good points. If you look at biological virology, and compare it to computer viruses, the similarities are striking.
A virus can either stealthily infect every computer available to it and then, after a gestation period, attack and destroy the computer in some way (NetHazard level 1), or, as soon as it infects a computer, simply wipe the drive and be done with it (NetHazard level 5), but this doesn't give it any time to infect other systems. As such, a NetHazard 5 virus would (in virology lingo) 'burn itself out' in a short period of time.
We've seen our first highly infectious virus recently, in Code Red, but we haven't seen one so highly infectious that also causes the patient to bleed out and die. In short, we ain't seen nothin' yet.
I'm waiting for a patient virus writer to perfect his software first, before releasing it, because so far, although Microsoft software is a favorite virus target, virus writers seem to employ the same software development model as Microsoft, in that they just let their code loose on the net without debugging or optimizing it. Imagine what email (read: Outlook) viruses could do if the writers stopped to use proper grammar in their messages, or tailored the attachment type to the domain from which the infected computer is sending the message (office docs for .com, web pages for .net, etc...). Better viruses are on the horizon, and I'm amazed we haven't started to see them already.
--CTH
--Got Lists? | Top 95 Star Wars Line
From the article:
There was no malicious intent.
Except to trash whitehouse.gov, using servers and networks all over the world to do so.
In the vast world of potential Internet viruses and worms, Code Red is a grade Z microbe.
If people hadn't woken up and smelled the patch, it would have been a grade B (if not A) pain in the butt. Like Y2K, there was too much hype, but the hype helped; a self-defeating prophecy.
It would have to go through a significant amount of mutation before it became any sort of serious threat to the Internet's health.
Significant, but not huge. There's been lots of discussion about how bad the next generation may be.
At its broadest definition, all hacking is white-hat hacking.
This statement is nonsense. There is certainly such a thing as white-hat hacking, and certainly too much hacking is portrayed as far darker than it really is, but there's a huge difference between the white hats and the jerks behind Code Red.
At most, Code Red proved you should always be wary about what Microsoft software does to your machine, like turning it into a server without your implicit knowledge.
Um, these machines were supposed to be servers.-)
We should be wary about what any software does to our machines. Point well taken, though.
Stupid job ads, weird spam, occasional insight at