Slashdot Mirror


Code Redux

I don't understand why Symantec classifies a "remote root" exploit as only "medium" damage. Code Red is hitting cable modem networks especially hard, as the new variants scan "nearby" IPs in preference to random ones, which has apparently caused enough damage and network congestion that AT&T's residential broadband division (MediaOne) has cut off port 80 across their network to try and halt the spread of the worm, or so several submitters reported. Newsforge has a story about various reactions to the worm, and reader nettdata sent in an interesting story about the worm becoming the main course at a dinner of security specialists.

13 of 472 comments

  1. In Poland too! by zdzichu · · Score: 3, Funny

    Polish Telecom, the biggest ISP down here, also announced that they will block traffic from 'infected' sites. Trying to connect to the whitehouse server is taken as proof of infection.

    --
    :wq
    1. Re:In Poland too! by JediTrainer · · Score: 3, Funny

      Hmm... www.whitehouse.gov seems to have been hacked. It's a porn site!

      Kidding, kidding!

      --

      You can accomplish anything you set your mind to. The impossible just takes a little longer.
  2. Against the DMCA? by duncan · · Score: 2, Funny
    From the article:

    "The group gathered around the dinner table then managed to get a copy of the worm and began disassembling its code"

    Doesn't looking at the code and trying to figure a way around the usage of this program violate the DMCA? I think that those at this conference should be held accountable.

  3. Cable Modem Providers by r1ckt3r · · Score: 2, Funny

    I work for a rather large cable modem provider in the callcenter. We are getting inundated with calls about the code red virus. Especially concerning hyper-active activity lights on cable modems. It's been like this ever since Sunday. I must admit, we are very close to blocking port 80 as well, since we don't allow web servers anyways. Oh well, I start my new job next Monday.

  4. My 'Data' Light has been going steady since Friday by BroadbandBradley · · Score: 3, Funny

    and I'm on @home's network. I like the program 'etherape' to sit and watch the requests come in and then browse to the IPs to see JoeBlow's homepage.
    Really, do these home users PAY for IIS? Of course not, would you? If you're going to use software free, use free software!!!
    I can't imagine that anyone who administers servers for a living hasn't already patched against this. Thus I think most of this Code Red comes from home users' Windows boxes with pirated software. I wish MS did pursue those people because we'd have a whole lot more Linux users if that was the case. (I guess that's why they don't.)

    a note to IIS users: /etc/httpd.conf it's not really that hard.

  5. Re:Man, I wish... by blang · · Score: 5, Funny
    You're not lame for running IIS if you've patched it. You're lame if you aren't paying attention to the patches out there.

    Sorry for being such a troll, but what makes you believe that this patch is the ultimate cure of IIS security bugs? You may not be lame, but you do possess an impressive threshold for pain.

    --
    -- Another senseless waste of fine bytes.
  6. Re:Cutting off port 80? by Anonymous Coward · · Score: 2, Funny

    What, do you think they plan to ever turn port 80 back on? Trustworthy one, aren't ya?

  7. Hmm, evil or DDoS in the making by Cramer · · Score: 5, Funny

    I know I'm askin' for it, but I couldn't resist:

    cd /home/httpd/html
    ln -s /dev/zero default.ida


    I'm only a 128k ISDN, but with compression, I can push over a T1 worth of zeros :-) (And people say PPPoE has no value.)

  8. Re:Code Red Self Test by Anonymous Coward · · Score: 2, Funny
    Gotta make it easier for the dumbasses that don't patch their server.

    http://127.0.0.1/scripts/root.exe?/c+dir

  9. Regarding its effect on laser printers. by kaoshin · · Score: 2, Funny
    I had read that it is supposed to hang Hewlett Packard laser printers with web interfaces. We had an issue today where a client's Minolta-QMS laser printer with a web interface was affected in the same manner.

    Hasn't hit any of our servers but I keep getting the w32.sircam worm in my email all day. I reply to them all with easy to comprehend AOL language... "You've got worms."

  10. Re:Road runner's "warning" by sharkey · · Score: 3, Funny

    But then again, they only say not to worry if you're running Windows 95, 98, ME or MacOS. Well, I'm running Linux and NetBSD, so I guess I should be worried, eh?

    No, you should report them to "abuse@timewarner.com" for sending you Unsolicited Bulk Email advertising those products.

    --

    --
    "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
  11. Re:Code Red Self Test by osgeek · · Score: 3, Funny

    How about if someone just writes a Code Red version that instead of doing something nefarious just puts up a dialog that says: "Hey, you fucking moron! Patch your crappy IIS server so that you don't get some version of Code Red."

    Better yet, why not just run the patch installer for them?

  12. Re:this thing is fascinating by chickenmilkbomb · · Score: 2, Funny


    This thing is great!
    My website has never seen so much traffic!
    Now I'm just going to sit back and watch the ad money roll in...

    If I wasn't so damn lazy, I would write a php
    script or a servlet and alias it to default.ida
    to autoupdate my "hit count".

    --
    He hates these cans!!!
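
Several comments above describe watching the worm's requests arrive (the default.ida hit counter, the root.exe self test), and the summary says the new variants prefer "nearby" addresses. As an added example that is not part of the thread, this counts those requests in a web server access log and buckets the sources by how close they are to the server's own address. It assumes Apache common log format with numeric IPv4 client addresses; the sample lines and the server address 10.20.30.40 are constructed, and the N/X padding labels reflect how the variants were usually told apart in logs, not anything stated in the thread.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Constructed sample lines in Apache common log format (not real traffic).
SAMPLE_LOG = """\
10.20.1.5 - - [06/Aug/2001:09:12:01 -0400] "GET /default.ida?XXXXXXXXXXXX HTTP/1.0" 404 276
10.20.77.2 - - [06/Aug/2001:09:12:09 -0400] "GET /default.ida?NNNNNNNNNNNN HTTP/1.0" 404 276
10.99.5.9 - - [06/Aug/2001:09:13:40 -0400] "GET /default.ida?XXXXXXXXXXXX HTTP/1.0" 404 276
10.20.1.5 - - [06/Aug/2001:09:14:02 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 281
172.16.5.5 - - [06/Aug/2001:09:15:30 -0400] "GET /index.html HTTP/1.0" 200 1043
"""

# Client address and request path from one common-log-format line.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|HEAD|POST) (\S+)')

def classify_request(path):
    """Label a request path as a worm probe, a root.exe check, or None."""
    lower = path.lower()
    if lower.startswith("/default.ida?"):
        # First padding character after '?': 'N' for the original worm,
        # 'X' for the later variant (assumption noted in the lead-in).
        pad = path.split("?", 1)[1][:1]
        return {"N": "codered-N", "X": "codered-X"}.get(pad, "default.ida-other")
    if lower.startswith("/scripts/root.exe"):
        return "root.exe-probe"
    return None

def proximity(src, server):
    """Bucket a source by shared address prefix with the server."""
    a, b = ip_address(src).packed, ip_address(server).packed
    return "same /16" if a[:2] == b[:2] else "same /8" if a[0] == b[0] else "elsewhere"

def summarize(log_text, server_ip):
    """Return (hits per label, hits per proximity bucket, set of source IPs)."""
    by_label, by_range, sources = Counter(), Counter(), set()
    for line in log_text.splitlines():
        m = LINE.match(line)
        label = classify_request(m.group(2)) if m else None
        if label is None:
            continue  # unparsable line or ordinary request
        by_label[label] += 1
        by_range[proximity(m.group(1), server_ip)] += 1
        sources.add(m.group(1))
    return by_label, by_range, sources

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, "10.20.30.40"))
```

A source that appears under root.exe-probe as well as a default.ida label is worth a closer look than one that only sends the overflow request.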