Viruses: The Code Red Worm

Written by Richard Lowe

Continued from page 1

The bug is something commonly known as a "buffer overflow", which simply means you can send more characters to the web server than it is capable of receiving. When a program receives characters it writes them to memory in a place called a buffer. If a poorly written program receives more characters than it is designed to handle, it will, under special conditions, cause the extra characters to be executed with privileges.

To put it very simply, it was discovered that you could cause the Indexing Service to "overflow its buffers" and execute selected code as a privileged user. This allows a special hacker program (which is reported to have required all of a half hour to write) to gain control of a server.
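The missing length check described above, shown beside the corrected form. This is an added example, not code from the article or from the Indexing Service; memory is modelled as one 32-byte array (buffer plus neighbouring data) so the overwrite can be observed safely, and all names, sizes and the sample input are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE   16   /* room the program set aside for incoming characters */
#define ARENA_SIZE 32   /* the buffer plus the unrelated data stored right after it */
#define SENTINEL   0xAA /* constructed marker standing in for that unrelated data */

/* Model of memory: bytes 0..15 are the buffer, bytes 16..31 belong to something else. */
static void arena_init(unsigned char *mem) {
    memset(mem, 0, BUF_SIZE);
    memset(mem + BUF_SIZE, SENTINEL, ARENA_SIZE - BUF_SIZE);
}

/* Returns 1 while the data after the buffer is untouched, 0 once it is overwritten. */
static int neighbour_intact(const unsigned char *mem) {
    for (size_t i = BUF_SIZE; i < ARENA_SIZE; i++)
        if (mem[i] != SENTINEL) return 0;
    return 1;
}

/* Flawed pattern: copies whatever arrives and never compares len with BUF_SIZE.
 * The clamp to ARENA_SIZE exists only to keep this demo inside its own model. */
static void receive_unchecked(unsigned char *mem, const char *in, size_t len) {
    if (len > ARENA_SIZE) len = ARENA_SIZE;
    memcpy(mem, in, len);
}

/* Corrected pattern: input that does not fit is refused. 0 = stored, -1 = rejected. */
static int receive_checked(unsigned char *mem, const char *in, size_t len) {
    if (len > BUF_SIZE) return -1;
    memcpy(mem, in, len);
    return 0;
}

int main(void) {
    unsigned char mem[ARENA_SIZE];
    const char oversized[] = "AAAAAAAAAAAAAAAAAAAAAAAA"; /* 24 characters, constructed */

    arena_init(mem);
    receive_unchecked(mem, oversized, strlen(oversized));
    printf("unchecked copy: neighbouring data intact = %d\n", neighbour_intact(mem));

    arena_init(mem);
    int rc = receive_checked(mem, oversized, strlen(oversized));
    printf("checked copy: rc = %d, neighbouring data intact = %d\n", rc, neighbour_intact(mem));
    return 0;
}
```

In a real program the bytes after the buffer are not a marker but whatever the program keeps there, which is why an unchecked copy can change what the program does next.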

You have to understand that buffer overflows are nothing new to the world of computing. In fact, I am sure that the first programmer is also the first person to experience this condition. This is well known to competent quality control departments, programmers, designers and, of course, hackers.

To put it bluntly, buffer overflows should not occur in any program written by any programmer who has passed "programming 102". In addition, any quality assurance person who has taken "quality control 101" should be able to check for and spot the problem from a mile away. All right already, so what is the infamous Code Red worm?

Code Red is a clever little program which takes advantage of this gaping hole in the Index Server. What the program does is search for systems with the flaw. It's easy to find those systems and Code Red is very good at its job. So good, in fact, that in early August 2001 it is estimated that it infected over 300,000 machines!

Once the worm finds a machine, it triggers the buffer overflow condition and causes itself to be installed on the machine. Remember the Wrath of Khan movie where the beetle with the big pincers crawled into Chekov's ear? It's something like that.

Once the bug got into his brain, oh sorry ... once the worm has installed itself, it does a number of different things depending upon the day of the month. Some days near the beginning of a month it will search for new systems to infect. Towards the middle, the worms will all launch an attack against the Whitehouse web site. At the end of the month, all of these malicious little programs will sleep, waiting for the next month.

Interestingly, the Code Red worm has a couple of small flaws. First, its attack is directed at a single IP address. Thus, during the first waves of attacks in July, the Whitehouse "dodged the bullet" by simply changing their address.

Second, the worm only installs itself in memory. This means it's simply a matter of rebooting the server to rid it of the pesky infection. Of course, if you don't install the patch (a fix to repair the problem, conceptually like the piece of rubber used to patch a hole in a tire), it's just a matter of time until your system gets infected again.

Naturally, a new worm called "Code Red II" has been reported in the wild, and almost certainly does not include these flaws. Hopefully system administrators will comply and install their patches so their systems will not be assimilated into the Code Red and Code Red II attacks.

Richard Lowe Jr. is the webmaster of Internet Tips And Secrets. Visit our website any time to read over 1,000 complete FREE articles about how to improve your internet profits, enjoyment and knowledge.

Backing Up Your Stuff Part 2: A Solution

Written by Richard Lowe

Continued from page 1

- Very slow

- Data errors are common

- Specialized backup/restore software required.

- Attempting to restore on different tape drives or on different machines is likely to fail or to be extremely difficult. Tapes do not support random access, so restoring single files is a long and painful process.

Writeable CDs - I have found that writeable CDs are by far the best option to use for backups. When you purchase media, you have the choice of buying write-once disks (very cheap) or read-write disks (much more expensive). I like to mix and match - sometimes write-once is good (when I want to create a permanent archive of my data) and sometimes read-write is what I need.

I recommend writeable CD drives for the following reasons:

- The media comes in two formats. Both formats are relatively cheap, especially when purchased in bulk.

- The error rate is low.

- The media will last a long time.

- You can store over 600 megabytes on each disk.

- The disks are easy to store. In fact, you can use the same jewel cases and storage racks that you use for your audio CDs.

- If you write in a compatible format, you can read the CDs on any system with a CD-ROM drive.

- You can use the same hardware and software to create audio CDs.

On the other hand, some of the disadvantages are:

- Writing is rather slow.

- The drives do require specialized drivers and cabling to be installed on your system.

Disk-To-Disk - Disk drives are becoming extraordinarily cheap. You can easily purchase 50 gigabyte drives for under $500 (and I've seen them much lower). One possible backup solution is to purchase a drive to match each of your other disk drives. For example, if you have a C and D drive, you could purchase two more disk drives and install them, making them E and F (or whatever).

The advantages of this scheme are:

- Disk-to-disk backup is very fast

- Data written from disk to disk tends to be very reliable.

- The data is easy to recover.

Disadvantages include:

- The data is still accessible from your system, which means viruses, hackers and environmental disasters (such as a flood) can destroy your data.

One alternative to look at if you have a small network in your house is to get a network disk drive. These are available at the $500 to $1,000 range and sit on the network. You can back up and restore files from them easily and quickly.

Conclusions - So what do I recommend? Purchase a writeable CD drive and install it on your system (make sure it is compatible before you make your purchase). If you've got the money, purchase a networked disk drive which is the same size as all of your local disks put together. Why? The writeable CD unit allows you to create backups at will of many of your files. You can store these backups off-site, transfer files between machines, and have a high expectation that the data will still be good in five to ten years. The networked disk drive allows you to create full backups of your system quickly and easily while you are sleeping. This gives you complete recovery in the event of a disaster.

Richard Lowe Jr. is the webmaster of Internet Tips And Secrets. This website includes over 1,000 free articles to improve your internet profits, enjoyment and knowledge.
