Slashdot Mirror


Code Red Reporting That Doesn't Suck

marvin tph writes "The results are in: Time.com is the first mainstream news source to write an intelligent article on the Code Red story. With all the big guys telling people that we've only seen the eye of the storm, it's nice to see someone get it right."

10 of 191 comments

  1. I don't have time to patch my servers against it! by skrowl · · Score: 5, Funny

    I don't have time to patch my servers against code red!

    I'm too damned busy replying to all of my email. You'd never believe how many people have been sending me files asking for my advice!

    --

    Prevent linux based DDOS's!
    http://linux.denialofservice.org/
  2. We need to properly inform the tabloid media by Dr_Cheeks · · Score: 5, Interesting
    How do the majority tabloid media find out about stuff like this? Well, either they hear about it from someone else (and thus Chinese Whispers ensues), or they go looking for info and run into technical stuff that's over their heads.

    What they need is a source that dumbs things down enough to be broadcast on your local Fox affiliate while still keeping it accurate. Soundbite-friendly, not very technical, clear about the details. Most people don't know what you're talking about if you say "IIS vulnerability", but if you say "The Code Red Virus will hack the internet" then most people can get a handle on that.

    It's not just about hype - it's lack of understanding. Anchors aren't good at telling people something when they don't understand it themselves, so it needs to be explained to them.

    I, unfortunately, already have hardly any free time to start up a site providing a service like this, but I'd be willing to contribute to someone else's - anyone up for it?


  3. The excuse for government regulation by sdo1 · · Score: 5, Interesting

    Code Red is providing a convenient excuse to the feds to call for further regulation of the internet.

    "Our economy DEPENDS on the internet!" they'll cry. "We can't let our country be reduced to rubble by some malicious hacker!"

    And of course the press buys right into it. The DMCA, bills to punish users of school networks and computers, laws with stricter penalties for hackers than murderers... expect it to accelerate. Worms like Code Red just give the feds the ammunition they need in the court of public opinion.

    -S

    --
    --- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
  4. Has anybody thought about this? by EyesOfNostradamus · · Score: 5, Insightful
    The Code Red background noise could serve as cover for a much nastier worm to be released.

    Consider the following scenario: a new worm, let's call it Code Blue, exploits the same security hole as Code Red. However, rather than attacking randomly any IP address, it would first just sit there and wait. As soon as it got a probe from the original Code Red (which statistically happens about 3 times per hour), it would "fight back" by infecting the attacking machine and replacing Red with Blue. The newly infected machine would behave similarly.

    After about 11 hours of propagation, the new worm would have infected a significant percentage of the vulnerable machines, without revealing its presence in an obvious way. It would only attack machines which are known vulnerable (and hence probably badly maintained), and probability of anybody noticing would be incredibly small. Then, after some twenty hours, it would start to do some fun stuff...

    1. Re:Has anybody thought about this? by martyb · · Score: 5, Informative

      There are still about 100.000 vulnerable (and by now... infected) machines out there.

      As of the time of my posting this, there are about 130,000 infected hosts. Go to:

      http://www.caida.org/dynamic/analysis/security/code-red/index.html
      to see the "Dynamic Graphs of Code Red Worm" page from CAIDA (Cooperative Association of Internet Data Analysis).
    2. Re:Has anybody thought about this? by friscolr · · Score: 5, Interesting
      Code Red first started wreaking havoc a couple days after the bugtraq post about the telnetd vulnerability - about July 19th, after the mutation which allowed it to truly randomly spread.

      There were no more posts about the telnetd vulnerability for a few days as the bugtraq list was saturated with Code Red information. I'm paranoid as fuck and assumed that Code Red was a cover up for the telnetd exploit which we'd later find out affected every single version of telnetd out there (including on routers and the like).

      But it didn't happen that way.

      It is a lesson in distraction, though: when a true hacker wants to really take over the net, a Sircam virus or Code Red worm will make a great cover for the true exploit. I'm sure Sun Tzu wrote something witty about this, as it is the same technique used by countless military tacticians (at least the ones who "won") - cf. the amphibious build-up prior to the land invasion during the Gulf War, or Patton's fake army prior to the Normandy Invasion during WWII.

  5. An observation... by jeffy124 · · Score: 5, Interesting
    For whatever reason, I can't connect to Time.com to get the article, so I'll ramble about an observation I've made:

    A machine at a research lab at school runs apache. In the access_log, from July 18-20, it had 18 attempts from a Code Red infected machine to spread the worm. (Naturally the attempt fails, cuz it's apache) But from August 1st through 'til about 9pm (EDT) last night (Aug 2), 36 attempts. So the question is - If the worm is spreading slower, why is it this one system has had more attempts of spreading this time around than the first?

    --
    The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
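
Added example (not part of the original thread): one way to produce the kind of tally described in comment 5 from an Apache access_log, counting Code Red probes and distinct source addresses in two date windows. It assumes Common Log Format and matches on the worm's request for `/default.ida?` followed by a long run of `N`; the log lines are constructed samples using documentation addresses.

```python
import re
from datetime import date, datetime

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+')
# Code Red asks for the IIS Indexing Service handler with a long filler run.
PROBE = re.compile(r"^GET /default\.ida\?N{16,}")

# Constructed sample lines (filler run shortened, documentation addresses).
FILL = "N" * 24
SAMPLE_LOG = f"""\
192.0.2.10 - - [19/Jul/2001:14:02:11 -0400] "GET /default.ida?{FILL} HTTP/1.0" 404 276
198.51.100.7 - - [19/Jul/2001:18:40:02 -0400] "GET /default.ida?{FILL} HTTP/1.0" 404 276
192.0.2.10 - - [20/Jul/2001:03:15:49 -0400] "GET /default.ida?{FILL} HTTP/1.0" 404 276
203.0.113.5 - - [20/Jul/2001:09:00:00 -0400] "GET /index.html HTTP/1.0" 200 1024
203.0.113.9 - - [01/Aug/2001:00:12:30 -0400] "GET /default.ida?{FILL} HTTP/1.0" 404 276
203.0.113.9 - - [01/Aug/2001:07:44:18 -0400] "GET /default.ida?{FILL} HTTP/1.0" 404 276
198.51.100.7 - - [02/Aug/2001:11:05:57 -0400] "GET /default.ida?{FILL} HTTP/1.0" 404 276
192.0.2.44 - - [02/Aug/2001:20:31:06 -0400] "GET /default.ida?{FILL} HTTP/1.0" 404 276
not a log line
""".splitlines()


def probes(lines):
    """Yield (day, source) for each request that matches the probe pattern."""
    for line in lines:
        m = CLF.match(line)
        if m and PROBE.match(m.group(3)):
            stamp = m.group(2).split()[0]  # drop the UTC offset
            yield datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S").date(), m.group(1)


def window_summary(lines, start, end):
    """Return (attempts, distinct sources) for probes dated start..end inclusive."""
    hits = [src for day, src in probes(lines) if start <= day <= end]
    return len(hits), len(set(hits))


if __name__ == "__main__":
    for label, start, end in [("Jul 18-20", date(2001, 7, 18), date(2001, 7, 20)),
                              ("Aug 1-2", date(2001, 8, 1), date(2001, 8, 2))]:
        attempts, sources = window_summary(SAMPLE_LOG, start, end)
        print(f"{label}: {attempts} attempts from {sources} distinct sources")
```

Separating attempts from distinct sources shows whether a higher count comes from more infected hosts or from the same hosts retrying.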
  6. Biohazard designations for the net - NetHazards by hillct · · Score: 5, Insightful

    Chris Daylor, in Time, makes a few good points. If you look at biological virology, and compare it to computer viruses, the similarities are striking.

    Viruses can either stealthily infect every computer available to it then after a gestation period, attack and destroy the computer in some way (NetHazard level 1) or as soon as it infects a computer it can simply wipe the drive and be done with it (NetHazard level 5) but this doesn't give it any time to infect other systems. As such a NetHazard 5 virus would (in virology lingo) 'burn itself out' in a short period of time.

    We've seen our first highly infectious virus recently, in Code Red, but we haven't seen one so highly infectious that also causes the patient to bleed out and die. In short, we ain't seen nothn' yet.

    I'm waiting for a patient virus writer to perfect his software first, before releasing it, because so far, although Microsoft software is a favorite virus target, virus writers seem to employ the same software development model as Microsoft, in that they just let their code loose on the net without debugging or optimizing it. Imagine what email (read: Outlook) viruses could do if the writers stopped to use proper grammar in their messages, or tailored the attachment type to the domain from which the infected computer is sending the message (office docs for .com, web pages for .net, etc...). Better viruses are on the horizon, and I'm amazed we haven't started to see them already.

    --CTH

    --

    --Got Lists? | Top 95 Star Wars Line
  7. For everyone who didn't pay attention in History by Markvs · · Score: 5, Informative

    ...which is probably most Americans...

    Stolen from the article:
    "For Microsoft, this was the kind of publicity you just can't buy. Not only did Redmond get to share a dais with the Justice Department -- which is rather like Stalin vowing eternal friendship with Roosevelt to counter the Nazi menace -- but they also had their name inextricably linked with the well-being of the Internet itself."

    Which is *exactly* what it is, except that in this case there isn't any Nazi menace to stand up to. My bet is that this will be seen as a way to soften the DOJ/Microsoft schism in the public's eye and make all those pesky state lawsuits go away that much quicker.

    History is *filled* with bait-n-switches like this, which most people pick up on about as frequently as they do retail prices going up two weeks before a big sale. Study the past. Without it, you'll never see the future.

    --
    46. The Hobo smiles, his eyes glaze over, and he burps. "Beware the man who has lived longer than the Wasteland."
  8. Overreaction to overreaction by Lumpish Scholar · · Score: 5, Insightful

    From the article:

    There was no malicious intent.

    Except to trash whitehouse.gov, using servers and networks all over the world to do so.

    In the vast world of potential Internet viruses and worms, Code Red is a grade Z microbe.

    If people hadn't woken up and smelled the patch, it would have been a grade B (if not A) pain in the butt. Like Y2K, there was too much hype, but the hype helped; a self-defeating prophecy.

    It would have to go through a significant amount of mutation before it became any sort of serious threat to the Internet's health.

    Significant, but not huge. There's been lots of discussion about how bad the next generation may be.

    At its broadest definition, all hacking is white-hat hacking.

    This statement is nonsense. There is certainly such a thing as white-hat hacking, and certainly too much hacking is portrayed as far darker than it really is, but there's a huge difference between the white hats and the jerks behind Code Red.

    At most, Code Red proved you should always be wary about what Microsoft software does to your machine, like turning it into a server without your implicit knowledge.

    Um, these machines were supposed to be servers.-)

    We should be wary about what any software does to our machines. Point well taken, though.

    --
    Stupid job ads, weird spam, occasional insight at