CODE RED Virus Alert!

[Keefe]

The Code Red worm quickly spreading across the Internet is programming infected computers to attack the White House Web domain with a denial-of-service attack Thursday night -- a concerted attack that could slow Net traffic to a crawl, security experts said Thursday.


The planned attacks on whitehouse.gov will take place on the 20th day of each month (based on Universal Time) as long as a machine is infected, said Marc Maiffret, chief hacking officer at eEye Digital Security, an Internet security firm that released a detailed analysis of the code.


The Code Red Worm is believed to have infected at least 100,000 servers so far. First discovered last Friday, the worm exploits a known security flaw in Microsoft's Web server software.


According to Maiffret, each infected server will send as much as 410MB of data every four hours or so, depending on how many times it's been infected (multiple infections are possible). If thousands of infected machines attack whitehouse.gov at once, the flood of data could bring the Net to its knees, he said.


"If this goes along what it's looking like, parts of the Net will go down," Maiffret said.


Government officials are reportedly reviewing eEye's analysis.


Dubbed Code Red because of evidence suggesting it originated in China, the self-spreading program defaces infected websites and also contains malicious code that could let hackers identify infected servers and take control of them remotely.


Several posters to the popular Bugtraq security mailing list run by SecurityFocus.com have noticed an unintended side effect of Code Red: The worm seems to be crashing some DSL routers and higher-end network routers that direct data around the Internet.


Code Red works by taking advantage of a glitch in Microsoft's Internet Information Server software. The hole, which eEye discovered, allows hackers to take control of the computers. Microsoft first disclosed the security hole June 18 and has made a downloadable patch available on its website. More than 6 million servers on the Internet use the software.


But despite Microsoft's efforts to publicize the flaw, many system administrators have failed to download the patch, according to Scott Culp, security program manager for Microsoft's security response center. This slow response has allowed Code Red to infect millions of servers still using unpatched versions of the software, Culp said.


Even servers running Microsoft's own websites aren't immune from Code Red. Earlier Thursday, webpages on both MSN.com and Microsoft.com were defaced.

are there any current viruses being spread by email right now?