From:	 Phil Agre <pagre@alpha.oac.ucla.edu>
To:	 "Red Rock Eater News Service" <rre@lists.gseis.ucla.edu>
Subject: [RRE]"code red" worm
Date:	 Wed, 1 Aug 2001 14:53:56 -0700

If you want to watch the spread of the "Code Red" worm, here are the
URLs you need.  The bottom line is that it is definitely out there
and spreading exponentially, it may be capable of matching the extent
of the last outbreak, a new version is capable of spreading much more
quickly, the exponential growth *may* be leveling off, but it will be
a week before anybody knows anything for sure, *and* so long as there
remain large numbers of unfixed servers, there is nothing to prevent
any of endless thousands of individuals from releasing an even more
sophisticated worm that fixes the remaining obvious mistakes in the
one that's circulating now.  That said, there has been a whole lot
of uninformed panic caused by (among other things) inaccurate reports
that all Windows NT and Windows 2000 machines are at risk of infection.
Only machines running Microsoft's IIS server program are at risk, and
only some of them, and only if they haven't been patched and I suppose
power cycled.  At the same time, everyone is at risk of a bad day if
either the worm's probes or its later DDOS attacks clog up the net or
crash routers.


Code Red Status
(heavy load on this site is making it slow to respond)
http://www.incidents.org/

"Code Red" growth
(the drop at 17:30UTC was caused by their own defenses against the traffic)
http://www.caida.org/analysis/security/code-red/aug1-live-hosts.gif

log-scale version of the graph showing its nice exponential growth
http://www.caida.org/analysis/security/code-red/aug1-live-hosts-log.gif

Rolling 24-hour Latency, Packet Loss, and Reachability
(showing no dramatic effects yet)
http://average.miq.net/


Here are today's news reports in *reverse* chronological order.

Code Red May Be Picking Up Speed
http://news.cnet.com/news/0-1003-200-6738969.html

Code Red Update -- The Worm Movement Continues
http://www.nipc.gov/pressroom/pressrel/cred2.htm

"Code Red" Effects Go Undetected
http://www.washingtonpost.com/wp-srv/aponline/20010801/aponline001140_000.htm


Here are some relevant documents that I didn't include in earlier mailings.

Code Red Threat FAQ
http://www.incidents.org/react/code_red.php

Cisco Security Advisory: "Code Red" Worm
http://www.cisco.com/warp/public/707/cisco-code-red-worm-pub.shtml

end