Slashdot Mirror


Code Red: the Aftermath

LiquidPC writes: "Microsoft has released a tool to help clean up the effects of the Code Red II. It removes the files and mappings installed by the worm, and reboots your system; it also gives you an option to permanently disable IIS." So, Microsoft has given you a mop to clean up the mess they made. Start mopping! If you're not the one infected, just tired of seeing your Apache logs fill up, you might see this page.
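A defender's view of the Apache-log noise the summary mentions, as an added example that is not part of the original page or of Microsoft's tool: a Python scanner over constructed combined-format log lines that flags the well-known Code Red probe (a GET for /default.ida with a query string of N or X padding followed by %u-encoded bytes) and tallies it by source host and variant. The log lines, IP addresses and the %u tail are constructed placeholders, and the function names are my own.

```python
import re
from collections import Counter

# Constructed Apache combined-log lines (sample data, not taken from the page).
# Real Code Red probes padded the query with a few hundred N (first variant) or
# X (Code Red II) characters; the padding is shortened here for readability and
# the %u tail is a placeholder, not the worm's actual bytes.
SAMPLE_LOG = """\
192.0.2.10 - - [05/Aug/2001:03:12:44 -0400] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNN%u0000%u0000 HTTP/1.0" 404 301 "-" "-"
198.51.100.7 - - [06/Aug/2001:11:02:09 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXX%u0000%u0000 HTTP/1.0" 404 301 "-" "-"
192.0.2.10 - - [06/Aug/2001:11:05:31 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXX%u0000%u0000 HTTP/1.0" 404 301 "-" "-"
203.0.113.5 - - [06/Aug/2001:11:06:00 -0400] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/4.0"
203.0.113.5 - - [06/Aug/2001:11:06:02 -0400] "GET /default.ida HTTP/1.1" 404 301 "-" "Mozilla/4.0"
"""

# Apache "combined" format: ip ident user [timestamp] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# The probe targets the IIS .ida ISAPI extension: a GET for /default.ida whose
# query string is a run of N (first Code Red) or X (Code Red II) padding
# followed by %u-encoded bytes. Apache has no .ida handler, so it answers 404
# and the request is pure log noise rather than a compromise.
CODE_RED_RE = re.compile(r'^/default\.ida\?(?P<pad>N+|X+)%u', re.IGNORECASE)


def parse_line(line):
    """Return the fields of one combined-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(path):
    """Name the Code Red variant a request path looks like, or None."""
    m = CODE_RED_RE.match(path)
    if not m:
        return None
    return "Code Red II" if m.group("pad").upper().startswith("X") else "Code Red I"


def scan_log(text):
    """Scan log text; return the hits plus counts by source IP and by variant."""
    hits = []
    by_ip = Counter()
    by_variant = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line: skip rather than abort the whole scan
        variant = classify(rec["path"])
        if variant is None:
            continue
        hits.append({"ip": rec["ip"], "ts": rec["ts"], "variant": variant,
                     "status": int(rec["status"])})
        by_ip[rec["ip"]] += 1
        by_variant[variant] += 1
    return {"hits": hits, "by_ip": by_ip, "by_variant": by_variant}


def report(result):
    """Human-readable summary of a scan_log() result."""
    lines = [f"{len(result['hits'])} Code Red probe(s) seen"]
    for variant, n in sorted(result["by_variant"].items()):
        lines.append(f"  {variant}: {n}")
    lines.append("Top probing hosts:")
    for ip, n in result["by_ip"].most_common(5):
        lines.append(f"  {ip}: {n}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(scan_log(SAMPLE_LOG)))
```

The per-host counts are the useful output: a host that keeps probing is an infected IIS box whose owner has not patched, which is exactly the population the Microsoft tool is aimed at. Note that the plain `GET /default.ida` on the last sample line is deliberately not counted, since without the padded query it could be anything.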

7 of 505 comments

  1. Warhol Worm proposed: 15 minutes to total infection by molo · · Score: 5, Interesting
    • 2001-08-11 13:18:46 Warhol Worm proposed: 15 minutes to total infection! (articles,bug) (rejected)
    Since /. rejected this story, I posted it to the K5 Queue (only visible if you have a K5 account).

    Here's the scoop (more meat at K5):

    According to an article in the latest issue of the RISKS digest, Nicholas Weaver of UC Berkeley has written a description of a new type of worm, the Warhol Worm. He believes that using a divide-and-conquer method, all vulnerable machines over the entire IPv4 address space could be compromised in only 15 minutes!

    `In the future, everybody will have 15 minutes of fame' -Andy Warhol

    --
    Using your sig line to advertise for friends is lame.
  2. But how many know that? by wirefarm · · Score: 3, Interesting

    You and I know that you don't need your proof of purchase, but is it inconceivable that the bulk of people using a bootleg copy would feel uncomfortable going to Microsoft.com - thinking that MS will somehow *know* and track them down?

    --
    -- My Weblog.
  3. Re:Dumbest thing they could do by GrumpyOldManager · · Score: 3, Interesting

    You are absolutely right. This tool probably couldn't detect secondary changes made to the machine's binaries.

    We have a policy of formatting the hard drive and reinstalling the OS once a machine has been compromised. This policy applies to any OS we run. To make it easy we've automated the process. To test the process we reinstall all of the machines on a regular basis, even servers. We spent some time years ago convincing vendors like RedHat that this was a useful thing (think jumpstart).

  4. Liability for software defects by jeffy124 · · Score: 5, Interesting

    There's been talk on places like CNN and CNet about software makers being held liable for serious defects in much the same way Ford and Firestone are for their recent tire troubles. Some good examples where this would apply include some major items in software bug history: the AT&T 800 service outage, the hospital radiation treatment software controllers that killed people from overexposing them to radiation, and of course Code Red. CNN interviewed Bruce Schneier (sp?) about this issue and he is all for holding software makers liable. Last week I tried submitting those stories to Slashdot, yet the editors don't think it's an issue and won't post it, despite the fact that if liability someday hits the software market, it hits OSS people too.

    --
    The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
  5. Start blaming Microsoft again by leonbrooks · · Score: 5, Interesting

    As has been so often pointed out, many of Microsoft's fixes also often break things, and they have a nasty habit of occasionally including "improvements" that eventually dead-end you and don't become obvious for some time - like well after it's too late to back out the patch. These features combine to make many admins that I know highly reluctant to install Microsoft's fixes.

    Apache is more of a monoculture (about twice as much) than IIS, yet Apache worms this bad generally don't happen because:

    * Apache is not design-insecure, as is practically every Microsoft product - for example, Exchange's security goolies are still flapping in the breeze (have to be due to fundamental design) and I expect to see another CodeRed appear targeted for it Real Soon Now;

    * If you want active facilities, you have to install them - or at least switch them on - because they either don't come with the base server (e.g. PHP) or aren't available in default pages to exploit (e.g. XSSI);

    * The active facilities can only touch as much as the webserver can touch. Users named "apache" or "nobody" generally don't have write access to a great deal of the file system;

    * Even though Apache as such is a monoculture, there is great variety between Apaches. They run on a wide variety of CPUs and OSes. Your binaries might be in /usr/bin, /usr/local/apache/bin, /opt/apache/bin or any one of a number of places; your web pages might be in /home/httpd/html, /var/www/html, /usr/local/apache/html or anywhere the admin chose to put them. It might be running chrooted, it might or might not have zero or more of a great number of modules enabled, and so on;

    * Apache adheres to standards; a lot of IIS holes have been in Microsoft special features;

    * Apache's code (including most common add-ons) has been examined by a wide variety of eyes using a wide variety of techniques.

    Using Microsoft software costs you all of these advantages and more.

    --
    Got time? Spend some of it coding or testing
  6. Re:Not the mess they made... by jeffy124 · · Score: 3, Interesting

    On top of that, the admins who missed repeated pleas from both Microsoft and Government officials urging them to install the patch, not to mention all the publicity the pleas and the virus made on CNN (both the website and on TV), other major national news networks, and even my local (Washington DC area) television news stations.

    --
    The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
  7. Re:Microsoft PR by BorgDrone · · Score: 5, Interesting

    Actually, it might even be good PR for them too.

    This is what Joe User will think:
    A dangerous "virus" threatens the entire internet (*cough*) and then Microsoft comes to the rescue with a patch and saves the internet!