posted on Aug, 13 2003 @ 02:21 AM
Well i think the code red worm was real, or at least i have it on good authority that that part is real. Heres a whole lot more info for you.
The fast-spreading "MSBlast" worm seems to be crashing as many Windows computers as it's infecting, demonstrating to administrators that they need
to patch their systems, security experts said Monday.
By midafternoon Monday, the worm had infected at least 7,000 computers in a matter of hours, according to data provided by security company Symantec.
Still, security experts stressed that the program had several flaws that had slowed its spread.
"You are not going to see the rapid uptake of Slammer. However, it could easily be as large as Code Red," said Symantec's senior director of
engineering, Alfred Huger, referring to the lightning-fast Slammer worm, which hit Microsoft SQL servers in January, and the Code Red worm, which
gobbled up servers in July 2001.
The Code Red worm spread slowly at first, then quickly, after someone modified the program to fix a flaw in its code. Huger said it was likely that an
online vandal would take on the task of modifying MSBlast as well.
"I think there is a really strong chance that this will be modified and re-released, if not today, then this week," Huger said. "It's very simple
to unpack and very simple to modify."
The introduction of the MSBlast worm ends nearly a month of speculation over when a programmer would commit the obvious crime of writing a worm to
take advantage of a vulnerability in a widely used feature of Microsoft Windows. The worm pieces together code to exploit the most recent major flaw
in Windows with publicly available tools, such as the Trivial File Transfer Protocol (TFTP) server.
The worm is also known as W32.Blaster and W32/LuvSan.
The worm could turn out to be quite an irksome bug for Microsoft. It reinforces the notion that despite the software giant's 18-month-old Trustworthy
Computing initiative, Microsoft software still has security issues. And it also aims to attack the company's network directly. Starting on Aug. 16,
every computer infected with MBlast will start flooding the Microsoft's Windows Update service with legitimate-looking connection requests. The
denial-of-service attack could slow down, and even halt access to, the primary way Microsoft customers receive updates for their computers.
MSBlast's first attack will last until the end of the year, security researchers said, adding that the coding of the worm will cause it to continue
the attack in the latter half of each month for the first six months of 2004.
The worm contains two messages in its code. One is addressed to Microsoft founder Bill Gates: "billy gates why do you make this possible?" it says.
"Stop making money and fix your software!!" The other message is a "greet"--an underground programmer greeting--to another person, which could be
a lead for any law enforcement agencies that pursue the worm's author.
Microsoft may find a way to deflect the attack, as did the White House's technical staff when the Code Red worm aimed a denial-service attack at the
whitehouse.gov Web site. The flaws in MSBlast may also slow it down.
For anyone that needs more, i can post the full thing.