Code Red Not a Red Herring

8 August 2001

Date: Wed, 8 Aug 2001 00:12:43 -0700 (PDT)
From: the Pull <osioniusx@yahoo.com>
Subject: Re: "Code Red - Red Herring"
To: jya@pipeline.com

Code Red - Red Herring was way off. I am extreme critic of cry wolf syndrome within the security industry.

However, this one time, the NIPC and the media was right to shout about this. NOT BECAUSE OF WHAT THE WORM WOULD DO, but because it is a sign of increasingly worse zombies attacking sites.

IIS administrators in the public and private sectors have, for long, been negligent in updating their servers. This has been proven time and time again in website hacks across the world.

I didn't even bother to post on the worm, myself. I knew it would fizzle out. Maybe it is causing network problems now. Maybe not.

What I do know is I wrote specs for the worm a year and a half ago on packetstorm.

http://209.100.212.5/cgi-bin/search/search.cgi?searchvalue=funtimeApocalypseWin%5Bsearch%5D.x=17&%5Bsearch%5D.y=12

To say that sort of thing is ludicrous and won't harm anything, is outrageous.

I am glad people outside of the security industry are finally starting to catch on that DDoS agents are a threat. We have been lucky no one has done something even nastier. The possibilities are definitely there.

The architecture is common sense.

****************************************

posted to: alt.fan.cult-dead-cow

http://cryptome.org/yell-fire.htm

I disagree with this. First of all, I have been extremely harsh and constant in pointing out that the media has a "cry wolf" mentality, and that even the NIPC has helped this.

The Code Red worm is the beginning of a seriously disturbing trend. It is inevitable and obvious. To state that the DDoS warnings of last year were "fake" and "full of shit" -- is totally fucking irresponsible and clueless.

This was an ill advised article.

Fear is not the weapon. Cry wolf sucks, but search this group for the phrase and look at the fucking dates.

The TRUTH is that ddos has been knocking ISP's and websites down for days, even weeks at a time. This has been covered on a lot of news sites, for instance, slashdot.

Facts:

-> We know that ddos agents have been used against major websites, against universites, and against major IRC servers. eBay and Yahoo were just some of the more famous ones.

-> Most ddos agents to date have worked on a remote control principle. This is fine for 100 zombie agents, but 100,000? There are powerful ddos agents on the Windows (XTC) and Unix platforms. What Code Red is doing is a sign of the times.

-> Code Red mistakes are obvious. There is no stealth. It even changed the index.html, announcing its' presence. It is behind the times in polymorphism and in quietly infecting hosts. (All at once is a bad idea). It is common sense to make it target multiple targets. Someone will do this.

-> DDoS is a principle, not a written in stone method. Imagine sporge attacks on the usenet with one agent. It happens, and it closes down newsgroups. Now, amplify that by 1000 to 200,000! What happens?? That is just ONE thing these agents could do. The applications possible are ENDLESS.

-> These agents are NOT hard to make

-> There are plenty of people who CAN make them, that have the WILL to make them. It is just a matter of the right circumstances hitting their life. Just like in any other crime.

_________________________________________________