Print

Print


For those interested in the spread of the Code Red worm...


FROM:  "Red Rock Eater News Service" <[log in to unmask]>

Phil Agre wrote:

> If you want to watch the spread of the "Code Red" worm, here are the
> URL's you need.  The bottom line is that it is definitely out there
> and spreading exponentially, it may be capable of matching the extent
> of the last outbreak, a new version is capable of spreading much more
> quickly, the exponential growth *may* be leveling off, but it will be
> a week before anybody knows anything for sure, *and* so long as there
> remain large numbers of unfixed servers, there is nothing to prevent
> any of endless thousands of individuals from releasing an even more
> sophisticated worm that fixes the remaining obvious mistakes in the
> one that's circulating now.  That said, there has been a whole lot
> of uninformed panic caused by (among other things) inaccurate reports
> that all Windows NT and Windows 2000 machines are at risk of infection.
> Only machines running Microsoft's IIS server program are at risk, and
> only some of them, and only if they haven't been patched and I suppose
> power cycled.  At the same time, everyone is at risk of a bad day if
> either the worm's probes or its later DDOS attacks clog up the net or
> crash routers.
>
> Code Red Status
> (heavy load on this site is making it slow to respond)
> http://www.incidents.org/
>
> "Code Red" growth
> (the drop at 17:30UTC was caused by their own defenses against the traffic)
> http://www.caida.org/analysis/security/code-red/aug1-live-hosts.gif
>
> log-scale version of the graph showing its nice exponential growth
> http://www.caida.org/analysis/security/code-red/aug1-live-hosts-log.gif
>
> Rolling 24-hour Latency, Packet Loss, and Reachability
> (showing no dramatic effects yet)
> http://average.miq.net/
>
> Here are today's news reports in *reverse* chronological order.
>
> Code Red May Be Picking Up Speed
> http://news.cnet.com/news/0-1003-200-6738969.html
>
> Code Red Update -- The Worm Movement Continues
> http://www.nipc.gov/pressroom/pressrel/cred2.htm
>
> "Code Red" Effects Go Undetected
> http://www.washingtonpost.com/wp-srv/aponline/20010801/aponline001140_000.htm
>
> Here are some relevant documents that I didn't include in earlier mailings.
>
> Code Red Threat FAQ
> http://www.incidents.org/react/code_red.php
>
> Cisco Security Advisory: "Code Red" Worm
> http://www.cisco.com/warp/public/707/cisco-code-red-worm-pub.shtml
>
> end