The Internet went to Code Red yesterday but it didn't melt down. That's the good news about the worm its discoverers have dubbed Code Red, after the high-caffeine Mountain Dew they were drinking while analyzing the beast, as several press accounts carefully explained.
This worm (worms are made up of "self-replicating, self-propagating, often destructive code," according to Wired Style) took over more than 225,000 server computers at its peak, according to CERT and many later press accounts. A number of Microsoft's servers fell to the worm, which exploits a well-publicized vulnerability in Redmond's Web-server software. The malicious software was designed to concentrate the firepower of all its victims on one single Net address at 5 p.m. yesterday: www.whitehouse.gov. The White House had plenty of warning and executed a deft picador maneuver, described in loving detail by ZDNet's Robert Lemos, to avoid the potentially ruinous flood of data. Code Red also replaced the home pages of some infected servers with the message "Hacked by China."
Code Red is a worm, not a virus - it does not spread by casual contact - and you could judge the gearhead chops of reporters and quoted sources alike by noting how carefully they observed this distinction. Lowest on the geek scale were the White House spokespeople, who all said "virus." The AP's reporter fell somewhere in the middle. Top geek honors go to Lemos, who said "virus" only once, and that while quoting a White House spokesman.
Code Red was straightforward compared with the other new beastie that reared its head in the last few days. The new virus/worm is called SirCam. The early reports, such as Leander Kahney's in Wired, reflected the confusion of many makers of anti-virus software as they struggled to understand SirCam's behavior. The later reports deconstructed the worm/virus nicely - Brian Ploskina's in Interactive Week is a good example. Let's hope the anti-virus writers can keep up.
With New IIS Worm, Security Practices Questioned
CERT Advisory CA-2001-19 "Code Red" Worm Exploiting Buffer Overflow
In IIS Indexing Service DLL
MS Got Hacked!
Web worm targets White House
Worm set to attack White House site
Virus-Like Software 'Code Red' Attacks White House Web Site
Wall Street Journal
(Paid subscription required.)
Hackers Try to Shut Down White House Web Site, but Security Foils Their Attack
Los Angeles Times
White House Web site has close call with virus attack
San Francisco Chronicle
New Worm Keeps Them Guessing
Tricky new virus spreads quickly
Latest Destructive Virus, SirCam, Spreading Quickly