Slashdot Mirror


Happy Birthday Code Red

totallygeek writes: "One year ago today (July 19, 2001), more than 359,000 computers were infected with the Code Red worm in less than 14 hours. At the peak of infection, more than 2,000 new machines were infected each minute. Servers running Internet Information Services from Microsoft were propagating this worm across the Internet faster than anything has up to then or since. For the first time, systems running the Apache web server were getting requests for a document called "default.ida". Here we are a year later, and my web log shows an average of forty-two requests per day for default.ida over the last five days. To really appreciate the spread of this program, look at this animated image."

7 of 364 comments

  1. What about Morris? by sconeu · · Score: 5, Insightful

    Servers running Internet Information Services from Microsoft were propagating this worm across the Internet faster than anything has up to then or since

    Granted, the 'Net was a lot smaller, but what about the Morris worm?

    --
    General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
  2. Happy Birthday? by SoupaFly · · Score: 4, Insightful

    What exactly are we supposed to celebrate? The inept SAs that have failed to patch their systems? The sad lack of software development skills and abundance of corporate greed that combine to push shoddy software upon millions of users?

    Maybe we should celebrate the resiliency of the Net. The fact that while attacks on systems continue to come daily, and at a seemingly increasing rate, everything still works most of the time.

    --knowledge, not information, is power

  3. times out by bilbobuggins · · Score: 5, Insightful
    To really appreciate the spread of this program, look at this animated image.

    Is it slashdotted or is that the demonstration?
    ;)

  4. Re:Interesting... by NeuroManson · · Score: 4, Insightful

    Considering that despite the worm being in the wild for over a year, that either installing a *nix variant, applying a service pack, or simply running a decent antivirus app were alternatives to being infected? All of which are conscientious actions of the user, admin, etc? All actions that are made on the part of the user? All options undertaken or not by the user?

    Sounds an awful lot like the fault of the user to me...

    --
    Just because you can mod me down, doesn't mean you're right. Shoes for industry!
  5. Re:Power of slick advertising by _Sprocket_ · · Score: 4, Insightful

    Just a side note, if anyone ever came up with a virus that was as devastating to apache as code red was to IIS, I think Linux would be doomed. If you expect something to fail (Microsoft products) then you don't care too much when they do. But if a product is touted as being absolutely secure and stable (Linux/Apache) then when it does screw up big, it will probably be its death. The higher up you are, the further you have to fall.

    There has to be some fundamental shifts in the environment for this to happen. You see - Linux (and Solaris) have had their own worms around the same time period as Code Red. They could have been just as devastating - but they weren't. They died quickly and went away.

    Of course - that's not to say it can't happen to Linux in the future. Some changes that would have to take place would include:

    1) An increase in un-administered machines (which is possible as more Linux machines go into service and are promptly forgotten about or appropriate support stuff aren't also put in place).

    2) More distributions installing services by default without user knowledge (which most distros seem fairly resistant to doing - but not all).

    3) Patches that become as devastating as the security threat they attempt to mitigate (I've yet to see this and would think that any organization that constantly produced dangerous patches / replacement packages would find their user base fleeing to another distribution).
  6. Re:I still have my fake default.ida by DeadSea · · Score: 4, Insightful
    Notice that the parent post ends with "YHBT".

    That stands for "You have been trolled".

    The Perl script is a troll; it won't work. I can't believe this got modded up.

  7. Re:IIS is sorta like an STD by thesolo · · Score: 4, Insightful

    Unfortunately, if vigilant admins set up their servers properly -- i.e., disable unused script mappings (like I did ;-), this never would have happened, bug or no bug, worm or no worm.

    Yeah, that's fine and dandy for those who don't need the IDA, et al. mappings; but what of those people who DO use them?! You know, a lot of those corporate servers that were hacked had those script mappings set for a reason, i.e. they were using them.

    That's great that you knew better than to keep the default script mappings, but what about people who needed them?? It would have been a lot nicer if Microsoft had written a secure server in the first place instead. Even the most vigilant sysadmin would still get infected running IIS if he needed to use the IDQ & IDA mappings. In short, don't blame the sysadmin, because it's not always their fault.