Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » 'Code Red' Virus Aims at White House Web Site

'Code Red' Virus Aims at White House Web Site

by acz on July 20th, 2001 LOS ANGELES (Reuters) - A new Internet virus nicknamed "Code Red" appears to be programming thousands of computer drones to launch an all-out cyber attack on the White House Web site, security experts said on Thursday.


The Code Red worm appears to instruct infected computers to launch a "denial of
service" attack on the government Web site (www.whitehouse.gov), of the kind that
took down major Internet sites such as Yahoo! Inc. and eBay Inc. in February last year,
analysts said.


The worm defaces English-language Web sites hosted by the computers it infects,
displaying the slogan "Hacked by Chinese!," the security experts said. The
origin of the virus was not clear.


The White House Web site, which is the home page for the Bush Administration, was still
accessible as of Thursday evening.


White House spokeswoman Jeannie Mamo said: "The White House has taken preventive
measures aimed at minimizing any impact of ... the Code Red worm."


A denial of service attack is intended to render the target site inaccessible to
legitimate traffic by swamping it with requests for information.


The Code Red worm could also slow overall Internet traffic by flooding the Web with
message traffic from infected computers, according to Marc Maiffret, chief hacking officer
at eEye Digital Security, a computer security company based in Aliso Viejo,
California.


Maiffret estimated that 12,000 computers around the world had been infected with the
Code Red worm.


A second estimate issued by the System Administration, Networking and Security
Institute, a security research organization in Bethesda, Maryland, put the number of
infected computers at about 200,000.


Infected systems are likely to see their network performance degraded as a result of
the scanning activity of the worm, a statement issued by the Computer Emergency Response
Team (CERT) at Carnegie Mellon University said.


The Code Red worm exploits a vulnerability in Microsoft Internet Information Server 4.0
and 5.0 and affects computers running Windows NT 4.0 and Windows 2000, CERT said.


Maiffret and his colleagues discovered the vulnerability in June and Microsoft
subsequently released a patch, which would prevent a computer from being infected with the
worm, he said.


"Even if you have done everything right your network connection could still be taken down because of the amount of data flooding you get from all of the other guys who hadn't applied patches and were infected by this worm," Maiffret said.


A second worm discovered this week, called W32.Sircam, sends copies of itself to all
email addresses in an infected computer's address book and can delete files and directories, fill up the hard disk and send files out to the Internet, according to statements released by Symantec Corp. and Network Associates Inc.


Sircam, which has English and Spanish-language versions, has been found in more than 50
corporate networks worldwide, Network Associates said.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »