Code Red: Worm
Assault on the Web
A recent feature in
From Scientific American
Code Red: Worm Assault on the Web
by Carolyn Meinel
"Chillingly, the recent Code Red attack may be a forewarning of similar
but much more virulent Internet infections in days to come, researchers say.
And future covert assaults on your own PC could force it to become an
unknown hacker's unwitting pawnin the lingo, a "zombie"in the next
round of computerized carnage.
Although previous Internet plagues brought about by the Melissa and I Love
You bugs infected millions of computers, they caused only rather minor damage
to each host. And whereas previous DDOS attacks infected hundreds or perhaps
a few thousand computers, the current Code Red version 2 (CRv2) worm
successfully invaded hundreds of thousands of machines in just a few hours.
Had the Code Red vector been a bit more sophisticated, it could have caused
real trouble for businesses and nations in the developed world, say the experts.
Further, if an attack like this occurs a few years hence, when public, commercial
and governmental reliance on the Internet will have grown exponentially, the
results could be truly disastrous." [...]
"The first version of Code Red (CRv1) spread slowly, taking over only some 10,000
servers before it was discovered on July 17. Each CRv1 zombie hosting an English
language Web site defaced it with the message: "Hacked by Chinese." This announcement,
however, should not necessarily be taken at face value. The message suggests that Code
Red may have been yet another outbreak of the U.S. vs. China hacker war that broke
out after the April 1 collision between an American spy plane and a Chinese fighter.
According to the official Chinese publication People's Daily, "Soon after the mid-air
collision was an all-out offensive on Chinese websites by U.S. hackers.
...[bold added] By the end of April over 600 Chinese websites had come under fire or totally
broke down.... Many hackers' organizations known as China Honkers Union and Hackers
Union of China promptly responded in an all-out cyberwar against their U.S. counterparts
May 1 to 7." Clearly People's Daily was eager for China to take credit for attacks through
May 7. But it has been silent on Code Red.
"It could even have been the U.S. government," cautions Larry Leibrock, a leading
American researcher in computer forensics and a professor at the University of Texas at
Austin. "Perhaps they wanted to show how precarious our situation is." [...]
Other Links . . .
War Against the Imagination [from Orion Online]
"...the second in a series of video interviews with beloved Orion writers.
Noted author and poet Gary Snyder muses on democracy and the beneficial
boredom of meditation"
Terrosism Articles: from The Bulletin of the Atomic Scientists
Low probability, high consequence
by Diego Llumi
"The Clinton administration's decision early this year to spend $1.4 billion
during fiscal year 2000 to combat chemical and biological terrorism
provoked a rash of criticism from skeptical observers who argued that the
massive increase in spendingnearly double this year's budgetwas
based on an exaggerated and unrealistic assessment of the threat. A
quick look at history, said the skeptics, shows that during this century the
United States has suffered only one fatality as a result of a chemical or