This press release was sent to a wide variety of people, especially journalists.


'Code Red' Worm, Estimated to Have Infected Between 12,000 to 20,000 Internet Web Site Servers, Could Also Run Denial-Of-Service Attack Against www.whitehouse.gov Within 24 Hours

Worm Has Exploited 'MS Index Server & Indexing Service ISAPI Buffer Overflow' Vulnerability

[Huh? At the time of this release, most legitimate security outfits had plenty of evidence the infections were closer to the 300,000 range. It is sad that Entercept was not aware of how bad the outbreak was, and worse that they were trying to milk it for all it was worth when their numbers suggested it wasn't a big issue at all.]

SAN JOSE, Calif., July 20 /PRNewswire/ -- A vicious worm may have already infected thousands of computers running on Microsoft IIS Web servers. The worm exploits a known vulnerability, "MS Index Server and Indexing Service ISAPI Extension Buffer Overflow" (the .ida attack). The worm defaces sites that run the English version of the Windows NT/2000 operating system and replicates itself to vulnerable Web servers creating a possible vast Denial-Of-Service situation.

Impact On Web Sites

Several sites that run the English version of Windows NT/2000 operating systems have already been infected and some defaced. The defacement works for 10 hours, or until the machine is rebooted. Machines targeted by the worm are subject to a Denial of Service attack regardless of whether they were infected with the worm or not. Recent reports indicate that within the next 24 hours the Code Red worm could also run Denial-Of-Service attacks against www.whitehouse.gov, thereby defacing and crippling certain U.S. government Web sites.

According to a recent bulletin, the worm:

-- Sets up 100 threads out of which 99 spread the worm by infecting other sites.

-- The thread defaces the Web site in English Windows systems

A Microsoft advisory several weeks ago recommended a patch and workaround.

Still, the number of servers that were penetrated by the worm is vast. This incident demonstrates, once more, the inherent problem of system owners to promptly apply patches and to configure their systems properly. The Red Code worm has been a known vulnerability for some time, according to Dr. Yona Hollander, Entercept Security Technologies vice president of strategy. However, it is difficult for many site managers to stay on top of the patches before, during and even after the attacks.

SOURCE Entercept Security Technologies

