'Code Red' Worm Targets WhiteHouse.gov
Microsoft urges IIS users to apply patch to prevent scheduled denial of service attacks.
Frank Thorsberg, PCWorld
A new Internet worm called "Code Red," which has the potential to infect millions of Net servers with a security flaw, started a denial of service attack late Thursday aimed at disabling the official White House Web site.
The White House would say only that it had taken "preventative measures" to duck an attack. The White House site was offline Thursday night, but back up on Friday morning. The FBI's National Infrastructure Protection Center confirmed reports on Thursday night that Internet backbone providers were seeing large-scale scanning by victimized Web servers for vulnerabilities in Microsoft's Internet Information Server, which hosts a number of Web sites.
"Upon successful infection, the worm will proceed to use the time threat and connect to the www.whitehouse.gov domain," the NIPC says in a statement. "This attack consists of the infected systems simultaneously sending 100 connections to port 80 of www.whitehouse.gov."
In a denial of service attack, a Web site may be disabled or overwhelmed by huge numbers of requests for information pouring in from servers afflicted with the worm. A recent study suggests such attacks are very common, numbering in the thousands monthly.
Microsoft offers a free patch to fix the server security flaw, which was uncovered in June.
Once the security problem was identified, Microsoft began sending out alerts, contacting customers individually, and working with the press to spread the word about how to fix it, says Scott Culp, security program manager at the Microsoft security response center.
"We make it as easy as we can for folks to get the information," Culp says.
Despite that effort, it will be hard to contact operators of the estimated 6 million IIS servers in use worldwide.
Worm's Origin Unknown
The creator of the worm is unknown. It was discovered and named by researchers at eEye Digital Security, who say the worm defaces Web pages with the text: "Welcome to http://www.worm.com! Hacked by Chinese!"
"The activity of Ida Code Red worm has the potential to degrade services running on the Internet," says the NIPC statement. "Any Web server running the Microsoft IIS versions 4.0 or 5.0 that is not patched is susceptible to a 'Buffer Overflow.' The NIPC is strongly urging consumers running these versions of IIS 4.0/5.0 to check their systems and install the patch."
Without the patch, the worm can run embedded code on the affected systems, using them as weapons in distributed denial of service attacks on unprotected Web sites. Unlike other viruses, which are passed via e-mail, a typical worm spreads from server to server. Every infected server is used to send information requests to the target URL, eventually overwhelming the site or degrading its service.
"At some point in time, somebody set this worm free. Then it just does the work on its own," says Vincent Gullotto, a senior director at McAfee AVERT, a part of Network Associates. "Somebody just set it into the IIS server environment and it just jumps from machine to machine."
Weekly Attacks
The worm operates on a kind of timer that was set to trigger at 8 p.m. EDT on Thursday, and then run for one week. That seven-day run might not be the end of the problem, however.
"It might start up again next month," Gullotto says. "And the thing about this exploit, somebody could write a variant, push it around, and it could attack another site very easily."
In order to secure systems and help stop these kinds of worms from spreading, systems administrators need to do three things, says Russ Cooper, editor of the security e-mail list NTBugtraq.
First, they need to subscribe to Microsoft's security bulletin service, "so that they're at least aware that patches exist. They've got to start learning about these vulnerabilities to keep themselves secure," Cooper says. Second, he recommends they subscribe to NTBugtraq for further alerts, and last, they need to apply patches for their systems when they become available.
(Sam Costello of IDG News Service contributed to this report.)