It’s time for a new electronic warfare organization.
Last week, for the second week in a row, IIS administrators had to face Code Red. More than a simple virus, Code Red could represent a new acceleration in the online virus war, and it shows that we may not be ready, as an industry, for the era of web services.

A Rapid Epidemic

Now that I’ve got your attention, let’s take a quick look at how Code Red spread. First of all, there was a simple buffer overflow problem in Microsoft Index Server, for which the company produced a patch. A month later, Code Red started showing up. However, its rate of growth was relatively slow at the beginning. The true epidemic did not start until July 19th, when Code Red exploded onto the scene, increasing the number of infected servers from just around 300 at 00:15am to 2994 by 7:30am, over 30,000 by 14:40pm and over 300,000 in the 6 hours after that. In other words, in less than a day, Code Red went from a relatively small annoyance to a full-blown attack on the net infrastructure. Had no one rung the bell on it, it would have taken only a couple of days for it to…
A new worm called Hybris has been spreading across computers in Europe, the United States and South America. While it currently carries a non-destructive payload, some anti-virus developers are worried that its plug-in architecture could turn it into a much more dangerous virus, opening backdoors in computer systems and escalating the war between virus makers and anti-virus developers.

First discovered in South America by Kaspersky Labs, a Russian anti-virus developer, the worm has spread through email to Europe and the United States at an increasing pace. “Hybris is one of the more common viruses we’re seeing right now,” said Brian Kinj, a member of the technical staff at the CERT Coordination Center.

Because it carries a non-destructive payload, the anti-virus community has been split over the threat level the virus represents. In the United States, the Joint Task Force Computer Network Defense, a division of the US Department of Defense, has upgraded the virus to a high-risk status. Meanwhile, European virus tracker Peter Kruse, of virus112.com, has announced on Usenet that his company was upgrading the virus threat to a medium-risk status, due to the recent spread of the virus in Europe. Companies like Symantec and Sophos, however,…