Update: Code Red Infections Slowing - InformationWeek


Update: Code Red Infections Slowing

Reports of the worm appear to be levelling off.

The spread of Code Red continues, say security experts. As of 1:30 p.m. EST Wednesday, the worm had managed to infect roughly 100,000 systems. However, the SANS Institute says the hourly rate of infection appears to be declining. Experts hope this shows that a sizable portion of vulnerable systems had been patched by the Tuesday deadline.

Stuart Staniford, president of Silicon Defense, an intrusion-detection company, estimates that the hourly rate of infection is 0.75 hosts an hour, per infected machine. That means each infected server is infecting fewer than one other system per hour. The first wave of Code Red, which occurred last week, had an infection rate of 1.6 to 1.8 new systems per hour.

Michael Erbschloe, author of "Information Warfare, How To Survive Cyber Attacks," and VP of research at Computer Economics, estimates that the first wave of Code Red cost companies worldwide $1.2 billion. Erbschloe says the cost of cleanup was $740 million, and the cost associated with lost productivity reached $450 million. Erbschloe says he doesn't expect the second wave to be as costly.

According to the SANS Institute's incidents.org Web site, as of 9 p.m. EDT Tuesday, 157 systems had been infected; by 8 a.m. Wednesday, 8,007 had been infected. At 11 a.m., infected systems numbered more than 22,000.

"Those numbers are in line with what we are seeing," says Bill Pollak, spokesman for the CERT Coordination Center.

"During the first Code Red attack, I'd only noticed a few scans on our systems," says Own Creger, IS security manager for accounting-software maker Creative Solutions Inc. Creger says that as of noon Tuesday, he had noticed more than 40 scans on his intrusion-detection system. "I think this time around, [Code Red's] improved IP address random access is making it try to spread faster," he says.

Security experts Tuesday were hoping that companies would heed repeated warnings about the Code Red worm. Variants of the worm, which struck hundreds of thousands of Microsoft NT and Windows 2000 operating systems last week, began striking Tuesday at 8 p.m. EDT. The worm scans the Internet from infected servers, searching for servers that do not have Microsoft's fix in place. As more systems become infected, the worm's propagation will increase and potentially slow Internet traffic to a crawl.

According to Microsoft, as of late Monday, more than 1 million patches had been downloaded. Experts had hoped that the estimated 6 million potential targets would be patched in time.

According to Marc Maiffret, chief hacking officer at eEye Digital Security, hundreds of thousands of infections were discovered in the first wave, which only had six or seven days to propagate and infect new servers. Because the worm has a built-in cycle to spread for 19 days before it launches a denial-of-service attack, the next wave may be worse.

eEye discovered the vulnerability in Microsoft's Internet Information Services software, which ships with Windows NT and 2000. "I think when the first comes around and the worm has 20 days to spread, we will see at least the same impact as the last one," says Maiffret. "Hopefully, IT administrators [will] prove me wrong and have been installing the patches--but a few hundred thousand systems is a lot of systems to patch."

eEye has published a free tool that administrators can use to determine whether their servers are vulnerable to Code Red. The tool is available at http://www.eeye.com/html/Research/Tools/codered.html.

Microsoft's patch is available at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/security/topics/codealrt.asp

Companies running Windows are not vulnerable to Code Red.
