Code Red: Are You Ready For The Next Attack? - InformationWeek
07:32 AM

Code Red: Are You Ready For The Next Attack?

Experts wonder if new versions of the worm will target critical parts of infrastructure

The first wave of the Code Red worm infected more than 350,000 servers on the Internet last month and cost more than $1 billion for companies around the world to clean up the mess. The second wave of Code Red infected more than 250,000 servers last week, with the cleanup costs still to be calculated. Security experts are wondering what's next.

Many were surprised the worm didn't do more damage. Both versions are designed to deface some Web sites and launch a distributed denial-of-service attack on the White House Web site, which easily dodged the first attack by changing its Internet address. "It's peculiar to me that this worm seemed so well-written on one hand, yet had such an ineffectual payload," says Frank Prince, a security analyst with Forrester Research. More dangerous versions of the worm may be on their way, he says.

Also concerned is Chris Rouland, director of Internet Security Systems Inc.'s research arm, X-Force. He says the two versions of Code Red may be a "beta test for information warfare," and IT managers need to prepare for more damaging versions. "If new variants target more critical parts of the infrastructure, we'll be seeing a lot more trouble," he says.

Code Red is just the latest in what are a growing number of viruses and worms that attack servers and Web sites. The worm exploits a vulnerability in the 6 million Windows servers that run Microsoft's Internet Information Services software and uses those servers to launch an attack. Many security experts warned that Code Red could create so much traffic that the Internet could slow down. The threat was taken so seriously that the FBI's National Infrastructure Protection Center called an unprecedented press conference to warn businesses to download and install a free software patch to cure infected servers and eliminate the vulnerability.

The second version of the worm is poised to attempt another attack Aug. 20 on, but few expect it to have much impact. "The White House and Internet service providers have all prepared themselves for that attack," says Pete Lindstrom, a security analyst with Hurwitz Group, "and nothing of significance should happen."

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll