Code Red: Blessing in Disguise?
The Code Red virus, which did a Tony Soprano on Microsoft Internet Server boxes around the world, may actually end up doing more good than harm.
The Web site Netcraft (www.netcraft.com
which surveys Web servers across the Internet monthly, shows that whereas
34 percent of IIS servers were vulnerable to Code Red in July, only 2
percent of those same servers were vulnerable in August.
Netcraft concludes, “The combination of the Code Red worm and the first
cumulative patch for Microsoft-IIS has significantly improved the security
of Microsoft-IIS systems on the Internet.”
The figures, Netcraft said, “demonstrates, in part, the deep-set complacency
regarding security amongst e-commerce sites and, in part, the difficulties
in maintaining a reasonable level of security without the benefit of regular
external testing. The high visibility of Code Red induced many e-commerce
sites running Microsoft-IIS to patch their systems for the first time.”
That’s partially Netcraft spin, as the company does external testing
of Web sites, but it also points out a problem other organizations have
said exists: Some MCSEs don’t have the necessary training on how to properly
patch and reconfigure servers.
The patches may also have reduced the potential damage from a number
of other IIS-related vulnerabilities. According to the survey, the number
of servers with administration pages accessible by Internet users dropped
from 35 percent in June to 10 percent in August; server paths revealed
(which could give a hacker valuable information on how to find servers)
dropped from 50 percent of servers in June, to 23 percent in July, to
6 percent in August. The percentage of servers with viewable script source
code spiraled down from 21 percent to 11 percent to less than 4 percent
over the same three-month period.
Netcraft also promises to reveal, at a later date, whether IIS servers
are becoming less frequently used due to concerns about the security holes.
Even with just 2 percent of servers vulnerable, Code Red is still doing
its best to propagate. One certified professional with an IIS server on
the Internet said his machine still gets attacked 20 to 50 times per day.
Keith Ward is the editor in chief of Virtualization Review. Follow him on Twitter @VirtReviewKeith.