This story was written by Keith Dawson for the Industry Standard's Media Grok email newsletter. It is archived here for informational purposes only because The Standard's site is no more. This material is Copyright 1999-2001 by Standard Media.

Worms and Viruses, Oh My

Jul 20 2001 08:14 AM PDT

Code Red worms its way toward the White House but gets headed off at the pass.

The Internet went to Code Red yesterday, but it didn't melt down. That's the good news about the worm its discoverers have dubbed Code Red, after the high-caffeine Mountain Dew they were drinking while analyzing the beast, as several press accounts carefully explained.

This worm (worms are made up of "self-replicating, self-propagating, often destructive code," according to Wired Style) took over more than 225,000 server computers at its peak, according to CERT and many later press accounts. A number of Microsoft's servers fell to the worm, which exploits a well-publicized vulnerability in Redmond's Web-server software. The malicious software was designed to concentrate the firepower of all its victims on one single Net address at 5 p.m. yesterday: The White House had plenty of warning and executed a deft picador maneuver, described in loving detail by ZDNet's Robert Lemos, to avoid the potentially ruinous flood of data. Code Red also replaced the home pages of some infected servers with the message "Hacked by China."

Code Red is a worm, not a virus - it does not spread by casual contact - and you could judge the gearhead chops of reporters and quoted sources alike by noting how carefully they observed this distinction. Lowest on the geek scale were the White House spokespeople, who all said "virus." The AP's reporter fell somewhere in the middle. Top geek honors go to Lemos, who said "virus" only once, and that while quoting a White House spokesman.

Code Red was straightforward compared with the other new beastie that reared its head in the last few days. The new virus/worm is called SirCam. The early reports, such as Leander Kahney's in Wired, reflected the confusion of many makers of anti-virus software as they struggled to understand SirCam's behavior. The later reports deconstructed the worm/virus nicely - Brian Ploskina's in Interactive Week is a good example. Let's hope the anti-virus writers can keep up.

With New IIS Worm, Security Practices Questioned

CERT Advisory CA-2001-19 "Code Red" Worm Exploiting Buffer Overflow In IIS Indexing Service DLL
CERT Advisory

MS Got Hacked!

Web worm targets White House

Worm set to attack White House site

Virus-Like Software 'Code Red' Attacks White House Web Site
Wall Street Journal
(Paid subscription required.)

Hackers Try to Shut Down White House Web Site, but Security Foils Their Attack
Los Angeles Times

White House Web site has close call with virus attack
San Francisco Chronicle

New Worm Keeps Them Guessing

Tricky new virus spreads quickly

Latest Destructive Virus, SirCam, Spreading Quickly