At 16:29 30/07/01 -0700, Sean Donelan wrote:
Your logic is flawed. If this was true, zombie networks would be largely ineffective. The current mutation is nothing more than an automated zombie distribution network, with all fun options of current zombie networks such as remote control, remote upgrades etc...
On Mon, 30 July 2001, Christian Kuhtz wrote:
You may want to read up on the details of this one, like the presentation at the bottom of http://www.digitalisland.net/codered/
If "code red" is nothing more than what we've been seeing for years, why the special CNN reports every half-hour, and the joint press conference with our fearless leaders today? What makes "code red" so extraordinary it merits this special response, when previous "zombie" networks didn't? I have a hard time seeing how "Code Red" will ever live up to the advance hype on August 1. Is Don King managing the pay-per-view for this event? Michelangelo Vs. Code Red.
In this case, IMO, the hype was warranted. If not for the 2 code errors in Code Red, this worm, using 300K zombies at 50Mb/sec each would have hit the Internet with about 15Tb/sec of aggregate traffic. The next time, we all won't be so lucky.
Why don't we just have an annual, let's update your Microsoft software patches day. Every year the press can get on the bandwagon and remind us about changing the batteries in our smoke detectors and downloading the latest patches.
There are a lot of flawed systems out there. Downloading a couple of patches for "Code Red" isn't enough to protect your system from all the other things. I'm worried the joint press release is doing a disservice if people have a false sense of security because they protected themselves from "code red."
On the other hand, will Wednesday really be that much different from any other Wednesday with the normal thousand DDOS attacks happening, and normal spam, and normal e-mail/macro viruses, and normal zombies?
The Mafiaboy 100 zombies or recent IRC zombie-nets of 1800 zombies pale in comparison to 300K infected systems. IRC zombie-nets target cable modem and ADSL users. They typically can pump out 1Mb/sec of traffic. On the other hand, your typical web server is usually situated on much more bandwidth - typically FastEthernet. So targeting IIS servers is a sure way of maximizing your zombie power (the only more powerful worm would be an Apache zombie which has about 18M potential clients or a bind worm-zombie).
I think it's a bit premature to predict the end of the Internet on August 1.
It won't happen this time, but the next time, we may not be so lucky.
-Hank