Code Red 3.0 gets nasty

Cyber-threat unit to cost $1m but govt won't comment; Peter Sinclair logs off

Every day this week I've come into the office and thought "well at least I won't have to write about Code Red any more" and every day I've had a new story about the blasted worm. Really, it's wave after wave of new-found heartache and annoyance, first from the original, then the second round of damage from the original and now from its offspring.

The story so far - Code Red is a worm designed to exploit a flaw in Microsoft's Internet Information Server (IIS) webserver. Microsoft had posted a patch for it back in June but apparently somewhere in the region of 360,000 servers out of the estimated 5 million worldwide forgot to get the patch and so ended up with the online equivalent of a nasty rash.

Fortunately the original Code Red wasn't too malicious. It did co-opt the infected servers into an online onslaught against the White House webserver but, frankly, nobody noticed.

Wave two occurred at the start of August when the worm re-awoke from its self-imposed slumber and a further 120,000-odd servers were discovered to still have holes in them. A number of minor variations on the Code Red theme emerged as well but none too unpleasant.

This week, however, has seen Code Red version 3.0 break out around the world and against all the odds it's still going strong. Servers are experiencing a massive amount of traffic as this beast tests to see whether you've patched your machine or not. If it does find a way in it has a whole new payload that is similar to Back Orifice - namely, it installs a backdoor into your system that any hacker anywhere can then access to do, well, frankly, anything they want.

Have you stored hundreds of credit card details on your webserver? Thanks, we'll take them. Do you have any information that you wouldn't like read aloud in a public place? Got that too. What about passwords, commercially sensitive documents or pictures of your dog you don't want passed around? Too late, I'm afraid. Or perhaps I'll just trash your files or perhaps I'll simply format your hard drive.

Another twist to the Code Red problem is that this version doesn't just search random IP addresses looking for unpatched machines; it searches in nearby areas. Unfortunately for New Zealand users that means we're getting hit by a lot of machines from Korea, Taiwan, China and the rest of Southeast Asia, all of which are highly contagious at the moment.

One security expert wonders whether the high rate of infection in the region is matched by the high incidence of pirated software. Perhaps the end users aren't too keen on dropping into the Microsoft homepage to update their illegally obtained software.

Amusingly the answer to the whole Code Red problem could be right under our noses. At least one expert suggests building another worm that will happily cruise the internet looking for unpatched servers and simply patching them. Other folk suggest perhaps not patching them but destroying them - smashing them to an electronic pulp so this kind of thing never happens ever again - but I'm sure there are ethical considerations on that score.

At the very least the whole sorry affair does mean just about everyone I know has heard of security and is looking at getting a firewall of some kind. At least they all know the difference between a virus and a worm now.

Code Red - is the answer another virus? - IDGNet

Code Red attacks - backdoors are wide open - IDGNet

Code Red version 3: new payload is like Back Orifice - IDGNet

Code Red 3.0 attacks NZ with vicious payload - IDGNet

Cost of computer virus $4 billion and rising - NZ Herald

Ah yes, the cost of the beastie. I knew it wouldn't be long before someone randomly attributed a number. Quite how you work out the cost of an internet worm is beyond me - aren't tech support guys paid to do this kind of thing?

Son of Code Red coming - more dangerous - Nzoom

Cyber-threat unit to cost $1m but govt won't comment

Good news: we're going to get a government agency that will monitor cyber-space for threats to our infrastructure and let us know (hopefully ahead of time) so we can pull our heads in, batten down the hatches and generally run for cover.

Bad news: it's going to be based in the Government Communications Security Bureau and will cost over $1 million to get up and running but we're not going to discuss it with the likes of you because everyone gets upset when you say Spy Agency.

Yes, that's right. Pony up the cash from the public coffers then don't bother asking questions because we're not going to tell you.

All I can tell you is the unit will be called the Centre for Critical Infrastructure Protection (CCIP). It will have three roles: a 24-hour "watch and warn" function; analysing and investigating threats; and assisting owners of "critical infrastructure" to understand their vulnerabilities. It will cost $850,000 a year to run.

Beyond that, forget about it. Because it's to be part of GCSB nobody wants to talk. GCSB, of course, is the agency that runs the base at Waihopai that looks like Tiger Woods' back yard which nobody talks about. The government has a bill before parliament that will give GCSB statutory authority for the first time ever, but it doesn't mention anything at all about the CCIP.

Government "Big Brother" to get cyber-threat unit - IDGNet

SSC considered, but rejected, as host for new cyber-threats unit - IDGNet

Government to patrol cyber-beat - NZHerald

Peter Sinclair logs off

After a career spanning four media and six decades, Peter Sinclair died this week, having been diagnosed with leukaemia in March. Writing for the NZ Herald right up to the end, Sinclair was one of the first journalists in New Zealand's mainstream media to write about the internet and its potential.

He also wrote a novel, studied Russian literature, hosted radio and TV shows, wrote for newspapers and the internet and as an editorial in the Herald says, "to a generation of New Zealanders it seems he has been there forever, pleasant, lively and apparently ageless".

I emailed Sinclair once after I had done all the research for a story on how the Budget was being covered online only to read his column the very next morning and discover he'd not only beaten me to the punch but done a far more comprehensive job than I'd attempted. I can't remember what I wrote but I got a reply back within minutes saying he usually found Russell Brown had done the same thing to him.

It seemed odd that this chap that I watched for years on the telly was able to take the time to write back to me but reading his writings on technology and on life I realise it wasn't odd at all. Sinclair's columns are all available on the NZ Herald site - follow the link from the editorial below.

Peter Sinclair dies - IDGNet

Peter Sinclair dies in Auckland - NZHerald

Editorial: A man with a zest for life - NZHerald
