Update: Code Red Infections Slowing - InformationWeek


Reports of the worm appear to be levelling off.

The spread of Code Red continues, say security experts. As of 1:30 p.m. EST Wednesday, the worm had managed to infect roughly 100,000 systems. However, the SANS Institute says the hourly rate of infection appears to be declining. Experts hope this shows that a sizable portion of vulnerable systems had been patched by the Tuesday deadline.

Stuart Staniford, president of Silicon Defense, an intrusion-detection company, estimates that the rate of infection is 0.75 hosts per hour per infected machine. That means each infected server is infecting less than one other system per hour. The first wave of Code Red, which occurred last week, had an infection rate of 1.6 to 1.8 new systems per hour.

Michael Erbschloe, author of "Information Warfare, How To Survive Cyber Attacks," and VP of research at Computer Economics, estimates that the first wave of Code Red cost companies worldwide $1.2 billion. Erbschloe says the cost of cleanup was $740 million, and the cost associated with lost productivity reached $450 million. Erbschloe says he doesn't expect the second wave to be as costly.

According to the SANS Institute's incidents.org Web site, as of 9 p.m. EDT Tuesday, 157 systems had been infected; by 8 a.m. Wednesday, 8,007 had been infected. At 11 a.m., infected systems numbered more than 22,000.

"Those numbers are in line with what we are seeing," says Bill Pollak, spokesman for the CERT Coordination Center.

"During the first Code Red attack, I'd only noticed a few scans on our systems," says Own Creger, IS security manager for accounting-software maker Creative Solutions Inc. Creger says that as of noon Tuesday, he had noticed more than 40 scans on his intrusion-detection system. "I think this time around, [Code Red's] improved IP address random access is making it try to spread faster," he says.

Security experts Tuesday were hoping that companies would heed repeated warnings about the Code Red worm. Variants of the worm, which struck hundreds of thousands of Microsoft NT and Windows 2000 operating systems last week, began striking Tuesday at 8 p.m. EDT. The worm scans the Internet from infected servers, searching for servers that do not have Microsoft's fix in place. As more systems become infected, the worm's propagation will increase and potentially slow Internet traffic to a crawl.

According to Microsoft, as of late Monday, more than 1 million patches had been downloaded. Experts had hoped that the estimated 6 million potential targets would be patched in time.

According to Marc Maiffret, chief hacking officer at eEye Digital Security, hundreds of thousands of infections were discovered in the first wave, which only had six or seven days to propagate and infect new servers. Because the worm has a built-in cycle to spread for 19 days before it launches a denial-of-service attack, the next wave may be worse.

eEye discovered the vulnerability in Microsoft's Internet Information Services software, which ships with Windows NT and 2000. "I think when the first comes around and the worm has 20 days to spread, we will see at least the same impact as the last one," says Maiffret. "Hopefully, IT administrators [will] prove me wrong and have been installing the patches--but a few hundred thousand systems is a lot of systems to patch."

eEye has published a free tool that administrators can use to determine whether their servers are vulnerable to Code Red. The tool is available at http://www.eeye.com/html/Research/Tools/codered.html.

Microsoft's patch is available at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/security/topics/codealrt.asp

Companies running Windows are not vulnerable to Code Red.
