[Dshield] Code Red worm

Ciavarro, Maria (ISS Atlanta) MCiavarro at iss.net
Mon Jul 30 20:12:39 GMT 2001

It has been concluded that the Code Red worm will reactivate in some form on
August 1st, and will rapidly degrade Internet performance during the worm's
propagation phase. Most of the focus has been on the DDoS against the
White House, but the real trouble comes from the bandwidth the worm uses during
the propagation phase as it scans for new hosts. Propagation is rapid and
exponential and via port 80. A 50% decrease in Internet speed was noted
after just 16 hours of propagation when the worm was first detected. Those
who do not take this worm seriously will find they are the advocators of their
own financial and productivity losses.

As the Internet experiences the greatest security episode in its history,
the existence of the everyday threat has not diminished. Many persons with
malicious intent will use this opportunity to exploit vulnerable systems.
Regardless of the OS or software, vulnerabilities exist and this is not the
time to take chances. Verify the integrity of your network whether it
consists of two or thousands of servers.

Below are various articles which depict the technical aspects of this worm.


Maria A. Ciavarro "MaC"
GTOC Analyst
Internet Security Systems
404.236.3970/3290 office
678.665.2075 cell

*It is in the silence of the wrath that all storms bring. 
We were of apposing wind and lightning,
 which eventually raptured our defenses.*

