Australia, Singapore avoid Code Red hysteria

Australian businesses have dealt sensibly with the return of the Code Red worm, which has sparked panic in the US and UK, according to Paul Ducklin, Sydney-based head of global support at anti-virus company Sophos PLC.

"The idea that the Internet is weaker and less resilient than a (4K byte) worm is ludicrous," he said in a telephone interview Friday. "It's a pity that the story has been blown out of all proportion."

"In some parts of the world, people have become overly excited over something that was probably under control," he said. "People like the FBI (US Federal Bureau of Investigation) and security experts should know better than to start talking about Internet meltdown."

Code Red exploits a security hole in versions 4.0 and 5.0 of Microsoft's Internet Information Server (IIS), which is included with Windows 2000 and Windows NT 4.0 and is widely used to run Web sites.

According to Ducklin, Australian companies are concerned by the virus but have simply called Sophos, asked for information and gone away to apply the patch. He said his company had not received any reports from around Asia of large numbers of servers being infected.

The Singapore Computer Emergency Response Team (SingCERT) has recorded three infections of servers since it began monitoring Code Red when it first appeared last month. The low rate of infections is attributable to the fact that Code Red is a worm that only attacks certain servers, and is not an end-user virus, according to Jennifer Toh, corporate communications manager at Infocomm Development Authority (IDA), which runs SingCERT.

It is important to apply the patch, said Ducklin, because it solves the IIS buffer overflow security hole once and for all, protecting not just against Code Red, but against any attempts to exploit this loophole.

"Code Red is important and it is important to fix it, but no way is it going to cause Internet meltdown," he said.

The hype surrounding Code Red could have unwelcome effects on other security matters, according to Ducklin. As with the year 2000 issue, users who have been told to expect dire effects and then do not see them can be led into a false sense of security. Also, the focus on Code Red may distract users from other attacks.

The FBI and other "security experts" are to blame for the overreaction, Ducklin said.

"Amid this FBI-induced hysteria, people are forgetting about the SirCam worm," he said. "(With SirCam) unlike Code Red, there is no single patch that can protect all users."

SirCam is an e-mail worm discovered last month. It carries an executable file that, if clicked upon, unleashes an attack on the recipient's PC. It is now rated as a Category 4 "severe" worm by security vendor Symantec.

Code Red and SirCam are very different -- Code Red attacks servers and can slow down Internet traffic considerably, while SirCam is an end-user e-mail worm. Code Red is 4K bytes of assembly language and only attacks Microsoft IIS Web Servers, while SirCam is 140K bytes of a high-level language. But neither of them, if properly dealt with, can have the same effect as a simple break in the communications infrastructure, according to Ducklin.

"I was working in my office when the Southern Cross cable got chopped in two," he said. "That was a much more catastrophic loss of bandwidth."

According to Internet hosting and streaming media company Digital Island Inc., about 276,000 servers worldwide had been infected by Code Red by the end of August 1.

There are as yet no clues to the authors of either Code Red or SirCam, Ducklin said.
