澳门金沙最新官方网址

Net worm wriggles round security to attack WhiteHouse.gov

作者:司骏雁    发布时间:2019-03-06 09:12:00    

By Will Knight A computer worm that infiltrates internet servers using a new trick may already have burrowed into as many as 225,000 systems around the world. Experts say that the worm, known as Code-Red, performs a clever new deception to avoid being caught. It does not alter any files on a victim web server. Instead it reconfigures how the web server works, redirecting some parts of the server’s program to a rogue piece of code. This defaces hosted sites and launches an attack on the US Government’s White House web site. “It’s a disturbing new trend from our point of view,” says Chris Anley, a computer security consultant for US company @Stake. Many off-the-shelf security products depend on detecting file changes and will be unaware that the worm has broken into a system. However, Anley says that tools available to the affected servers, those running Microsoft’s Internet Information Server (IIS) software, can be used to detect the worm and even block it from probing for weaknesses in the first place. The worm wriggles its way into servers by exploiting a software bug in IIS. The program starts off by scanning andom internet addresses for systems with the bug. The program then breaks into such systems, writes over any web pages hosted there and bombards the US Government’s White House web site with requests before spreading again. Only servers running the IIS indexing service, which has the bug, will be affected. Microsoft also produced a software patch to fix the problem in June 2001. The assault launched on the White House web site, known as a denial of service attack, involves overwhelming the site’s server with a tidal wave of data. It can be blocked by the site’s administrators, if they act quickly enough. But, a side effect of this attack, as well as the worm’s scanning activities is that many internet servers become laden with excessive traffic. “This is the real problem with worms,” says Anley. “Even if you are protected, you can be affected by the fact that it uses up your bandwidth.” The worm is spreading quickly, according to an alert issued on 19 July by CERT, the US government-funded internet emergency response service. “Reports indicate that the “Code Red” worm may have already affected as many as 225,000 hosts, and continues to spread rapidly,

 

Copyright © 网站地图