code red

By anders pearson 06 Aug 2001

the code red worm is still running rampant. the patch has been out for months. code red has been all over the news for weeks. there are still admins who haven’t patched up their machines.

<p>code red itself is pretty stupid, but i&#8217;m getting worried about the ability of the internet to fight back against these things. with a few minor changes, code red could really do some serious damage. currently, it&#8217;s blatantly obvious if your machine has been comprimised since it leaves a nice &#8220;hacked by chinese&#8221; defacement on the webserver. if there are <a href="http://www.caida.org/analysis/security/code-red/">hundreds of thousands of machines</a> whose admins aren&#8217;t paying close enough attention to notice something that obvious, i can only imagine what would happen if code red had been written to just infect and spread without defacing. </p>

<p>i&#8217;ve seen over 200 infection attempts in the logs for this server (Apache, so it&#8217;s not vulnerable) in just the last few days. </p>

<p>maybe people should just stay off the internet until they&#8217;re responsible enough to not screw it up.</p>