White House sidesteps Code Red worm

White House sidesteps Code Red worm

By GCN Staff


JULY 20'The White House Web site managed to sidestep a massive denial of service attack last week by moving to an alternate IP address that the Code Red worm could not find.

Code Red exploited a vulnerability in Microsoft's Internet Information Server software and spread rapidly in the last week to infect hundreds of thousands of Web servers. It was designed to pump large volumes of traffic from each compromised machine to www.whitehouse.gov over four hours beginning at 8 p.m. Thursday.

The White House was tight-lipped about the evasive maneuvers.

'We took protective measures aimed at minimizing any impact,' spokesman Jimmy Orr said.

With plenty of warning about the coming attack, the site's IP address was moved from 198.137.240.91 to 198.137.240.92. The worm code directed traffic to the former address. Legitimate traffic to the whitehouse.gov domain was redirected to the new address.

'We have been aware of Code Red for several days and have been in contact with several organizations,' said Marty Lindner, incident handling team leader at the CERT Coordination Center at Carnegie Mellon University.

'There is no silver bullet against denial of service attacks,' Lindner said. The best measure is to 'have a good understanding of your infrastructure and have good communications with your service provider.'

After the announcement of the Microsoft IIS vulnerability last month, a patch was released to correct it. Nevertheless, Code Red infected more than 200,000 unpatched servers, according to estimates by security experts. Its most significant trait was the ability to evade antivirus scans, said Steve Trilling, director of research at the Antivirus Research Center of Symantec Corp. of Cupertino, Calif.

'It runs completely in memory,' Trilling said. 'No program hits your disk.'

Despite its rapid spread, Code Red is not sophisticated, one system administrator said.

'This is a script-kiddie attack,' he said. 'It's not that intelligent.'

Still, 'Code Red is not gone,' Lindner said. 'It's going to be there for a while' and probably will continue to spread in variant forms.

inside gcn

  • Phishing

    Phishing is still a big problem, but users can help shrink it

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group