Code Red creates hacker hit list

Worm ups the ante in possible virus attacks.

James Middleton

In the wake of the Code Red virus, security watchers have pointed out that millions of IT administrators and web users are now in possession of an exhaustive list of web servers vulnerable to attack.

Speculative calculations suggest that the number of vulnerable servers could be nearing the quarter-of-a-million mark.

When Code Red has infected and settled into a new host, it starts scanning the internet for more vulnerable machines.

Every machine or firewall it probes records the attempt in a log file, so the logs on web servers across the internet now contain a very long list of machines that have been infected and are still vulnerable.

The ISAPI .ida exploit used by Code Red to break into NT boxes is common knowledge.

And even though Microsoft assures us that the patch to stop the attack has been downloaded a few million times, there are still a few million more vulnerable web servers out there.

Anyone with a list of these wide-open boxes, gleaned from their server logs, has the potential to anonymously take over a few thousand servers overnight, with full administrator-level access.

US software consultant Braddock Gaskill, who wrote a White Paper (http://braddock.com/cr2.html) on the methodology behind this security flaw, said that an intruder could simply break into infected machines, read their log files and thus acquire a whole new range of vulnerable IP addresses.

"I've got one machine that has hit me with HTTP probes over 200 times in the last week. I've tried to contact the admin, but no luck. My next temptation is to crack into the box and just wipe it to stop the annoying alerts I get every few hours," he said.

He added that the strong recommendation from this report is that "as part of any CodeRed II recovery effort, the system web logs should immediately be destroyed, and Intrusion Detection Systems should be checking for and tracing recursive attempts to access web logs through the backdoor.

"In addition, the backdoor could conceivably be used with such a list of hosts to purge the worm and close the backdoors of all affected hosts," he said.

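As an added example (not from the article or from Gaskill's paper), the scan below counts Code Red probes per source in a web log, as with the single machine that probed more than 200 times, and produces a copy of the log with every probing source masked so that a retained log no longer lists infected hosts. It assumes Common Log Format and the worm's widely documented N (Code Red) and X (Code Red II) padding after `.ida?`; masking instead of destroying the log is this example's assumption, and the sample lines are constructed.

```python
import re

# Constructed sample in Common Log Format. Addresses are RFC 5737
# documentation ranges; query strings are shortened padding only.
SAMPLE_LOG = """\
192.0.2.10 - - [06/Aug/2001:04:12:01 +0000] "GET /default.ida?NNNNNNNNNNNNNNNN HTTP/1.0" 404 205
198.51.100.7 - - [06/Aug/2001:04:13:44 +0000] "GET /index.html HTTP/1.0" 200 1043
192.0.2.10 - - [06/Aug/2001:09:30:19 +0000] "GET /default.ida?XXXXXXXXXXXXXXXX HTTP/1.0" 404 205
203.0.113.55 - - [07/Aug/2001:01:02:03 +0000] "GET /default.ida?XXXXXXXXXXXXXXXX HTTP/1.0" 404 205
203.0.113.55 - - [07/Aug/2001:01:05:00 +0000] "GET /docs/idea.html HTTP/1.0" 200 512
"""

# source address, timestamp, request path (with query string)
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')
# .ida request padded with a run of at least eight N or X characters
PROBE = re.compile(r"\.ida\?([NX])\1{7,}")
VARIANT = {"N": "Code Red", "X": "Code Red II"}


def scan(log_text):
    """Return (per-source probe summary, log text with probing sources masked)."""
    parsed = [(line, LINE.match(line)) for line in log_text.splitlines()]
    summary = {}
    for _, m in parsed:
        probe = PROBE.search(m.group(3)) if m else None
        if not probe:
            continue  # normal traffic or an unparsable line
        src, when = m.group(1), m.group(2)
        entry = summary.setdefault(src, {"hits": 0, "variants": set(), "first": when})
        entry["hits"] += 1
        entry["variants"].add(VARIANT[probe.group(1)])
        entry["last"] = when
    # Mask every line from a probing source, including its ordinary requests,
    # so the address does not survive elsewhere in the retained log.
    masked = [
        "REDACTED" + line[len(m.group(1)):] if m and m.group(1) in summary else line
        for line, m in parsed
    ]
    return summary, "\n".join(masked)


if __name__ == "__main__":
    summary, masked = scan(SAMPLE_LOG)
    for src, e in sorted(summary.items(), key=lambda kv: -kv[1]["hits"]):
        print(f'{src}: {e["hits"]} probes, {sorted(e["variants"])}, {e["first"]} to {e["last"]}')
    print(masked)
```
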

Further reading

Code Red: internet on red alert

In the aftermath of the Code Red outbreak, experts suggested that the hysteria surrounding the worm may have been at least partly responsible for its failure to bring the internet to its knees. Although some reports were labelled as scaremongering, they may have prompted administrators to harden their servers against attack and ultimately stemmed the spread of the worm. But now that a second variant of Code Red has appeared, it remains to be seen if the large number of still unpatched servers out there will help the worm spread further yet.

UK on Code Red alert

FBI warns that the worm is set for 'hyper growth' and that as many as 350,000 PCs could be infected.
