Egypt partners with Google to promote 'unmatched diversity' tourism campaign    Golf Festival in Cairo to mark Arab Golf Federation's 50th anniversary    Taiwan GDP surges on tech demand    World Bank: Global commodity prices to fall 17% by '26    Germany among EU's priciest labour markets – official data    UNFPA Egypt, Bayer sign agreement to promote reproductive health    Egypt to boost marine protection with new tech partnership    France's harmonised inflation eases slightly in April    Eygpt's El-Sherbiny directs new cities to brace for adverse weather    CBE governor meets Beijing delegation to discuss economic, financial cooperation    Egypt's investment authority GAFI hosts forum with China to link business, innovation leaders    Cabinet approves establishment of national medical tourism council to boost healthcare sector    Egypt's Gypto Pharma, US Dawa Pharmaceuticals sign strategic alliance    Egypt's Foreign Minister calls new Somali counterpart, reaffirms support    "5,000 Years of Civilizational Dialogue" theme for Korea-Egypt 30th anniversary event    Egypt's Al-Sisi, Angola's Lourenço discuss ties, African security in Cairo talks    Egypt's Al-Mashat urges lower borrowing costs, more debt swaps at UN forum    Two new recycling projects launched in Egypt with EGP 1.7bn investment    Egypt's ambassador to Palestine congratulates Al-Sheikh on new senior state role    Egypt pleads before ICJ over Israel's obligations in occupied Palestine    Sudan conflict, bilateral ties dominate talks between Al-Sisi, Al-Burhan in Cairo    Cairo's Madinaty and Katameya Dunes Golf Courses set to host 2025 Pan Arab Golf Championship from May 7-10    Egypt's Ministry of Health launches trachoma elimination campaign in 7 governorates    EHA explores strategic partnership with Türkiye's Modest Group    Between Women Filmmakers' Caravan opens 5th round of Film Consultancy Programme for Arab filmmakers    Fourth Cairo Photo Week set for May, expanding across 14 Downtown locations    Egypt's PM follows up on Julius Nyerere dam project in Tanzania    Ancient military commander's tomb unearthed in Ismailia    Egypt's FM inspects Julius Nyerere Dam project in Tanzania    Egypt's FM praises ties with Tanzania    Egypt to host global celebration for Grand Egyptian Museum opening on July 3    Ancient Egyptian royal tomb unearthed in Sohag    Egypt hosts World Aquatics Open Water Swimming World Cup in Somabay for 3rd consecutive year    Egyptian Minister praises Nile Basin consultations, voices GERD concerns    Paris Olympic gold '24 medals hit record value    A minute of silence for Egyptian sports    Russia says it's in sync with US, China, Pakistan on Taliban    It's a bit frustrating to draw at home: Real Madrid keeper after Villarreal game    Shoukry reviews with Guterres Egypt's efforts to achieve SDGs, promote human rights    Sudan says countries must cooperate on vaccines    Johnson & Johnson: Second shot boosts antibodies and protection against COVID-19    Egypt to tax bloggers, YouTubers    Egypt's FM asserts importance of stability in Libya, holding elections as scheduled    We mustn't lose touch: Muller after Bayern win in Bundesliga    Egypt records 36 new deaths from Covid-19, highest since mid June    Egypt sells $3 bln US-dollar dominated eurobonds    Gamal Hanafy's ceramic exhibition at Gezira Arts Centre is a must go    Italian Institute Director Davide Scalmani presents activities of the Cairo Institute for ITALIANA.IT platform    







Thank you for reporting!
This image will be automatically disabled when it gets reported by several people.



Red devil
Soha Abdelaty Published in Al-Ahram Weekly on 06 - 09 - 2001

Code Red, a "worm", will strike again in a new form this month. Soha Abdelaty asks if Egypt's computer users need worry
1 August 2001: Hysteria overwhelms the cyber-world. 'Code Red'' a "worm" named after an infamous US Marine disciplinary procedure, attacks the Internet. It is the most vicious and destructive glitch since the millennium bug, say the front pages. "Beware of Red Code" cried the daily Ahrar newspaper on 1 August, "it penetrated the US government, attacked the White House and forced the Pentagon to shut down its computers," it continued. It also reported that the US spent $1 billion fighting the dangerous worm. And that 250 million computers were infected in the US alone.
Others, such as the London- based Hayat newspaper were even more sensational: "the virus, Red Code, that woke on the night of 1 August, like the vampires in Dracula."
1 September, 2001: It has been a month since Red Code "woke," and Egyptians are no longer interested. Relax, nothing happened, laid-back IT experts say.
So, another unjustified worm/ virus/bug scare? Or do Egyptian computer users still have something to fear? And do we even know if Egyptian Internet users were harmed or not?
Computer users worldwide first became aware of the threat when the original version of the worm struck on 16 July. But only when 300, 000 computers worldwide were affected did experts realise the danger. The reaction time of some of our own Internet Service Providers (ISPs), in Egypt, was unforgivably slow. The "largest ISP in the country," LinkDOTNet, chose to notify its customers of the danger, and offer protection, a full two weeks after the worm had struck.
In the category of "diseases" that infect computers, Red Code is a 'worm'; a program that can replicate itself, either from one disk drive to another, or through other transporting mechanisms, like e-mail. It often arrives at its new host in the form of a joke program, or software of some sort. The worm can affect a computer in various ways: clogging e-mail servers, deleting or modifying files, and even releasing confidential information.
Code Red makes use of another beast in the IT menagerie: a bug. A bug is a programming error in a software program, such as web browser security problems. Code Red exploits Microsoft bugs to wreak its havoc. It takes advantage of a bug in the Indexing Services used by Microsoft Internet Information Server (IIS) 4.0 and IIS 5.0 running on Windows NT, Windows 2000, and beta versions of Windows XP. "This vulnerability allows a remote intruder to run an arbitrary code on the victim machine," explains Medhat Youssef head of the Technical Unit of RITSEC, the Regional Information Technology and Software Engineering Centre, an affiliate of a cabinet think-tank.
The Red Code worm's life-cycle has three stages. During the first, which ran from 1 August, until 19 August, the worm scanned the Internet, searching for specific security holes in IIS systems. The worm then moved on to its second phase, which lasted until 27 August. Then it exploited the affected systems to send attack traffic to the White House web server. But this phase was ineffective because the worm sent traffic to an Internet Protocol (IP) address no longer in use. Now in its final phase, the worm lies dormant.
Additionally, Code Red is designed to vandalise web pages, leaving its trace by the phrase, "Hacked by Chinese."
But Code Red was not yet done. It struck again, this time in a new variant that became known as Code Red II. It was discovered on 4 August and its effects were even more baleful than version one's. As well as being a worm, Code Red II is also a Trojan Horse. Unlike a worm, a Trojan Horse does not replicate itself, but otherwise inflicts similar damage. The Trojan Horse, unable to spawn a copy of itself, relies on users inadvertently e-mailing it to other users. Once again, however, it is received as a joke or a software program. Code Red II, as well as worming through systems, deposits a Trojan Horse in the form of a file that switches off file system protection, and publishes your C: and D: drives as web pages.
Code Red II does not vandalise web pages. Nor is it "date- sensitive" like its predecessor. But it is far more powerful because it gouges a dangerous hole in the server, allowing hackers access to those systems. Furthermore, while "it is clear that the harm of Code Red II is in the same category as Code Red I, it is more capable of spreading itself," says Youssef.
While some have learnt from their previous mistakes, patching vulnerable systems, other systems remain open to the new worm, and could be affected when the worm begins scanning for them this month. The problem lies in administrators' slow response time. Some have failed to patch their systems soon enough to protect themselves from the second round of worm attack. Even more egregiously, some software is still released with security holes.
Egypt is certainly not immune to Code Red, whether in its original format or the more recent form, especially as the IT market in Egypt grows. "It [Code Red] is overwhelming the network, so all users will feel its effect, [either] as a matter of slow Internet [or] as defaced web pages," Youssef explains. Nevertheless, it remains unclear how many users in Egypt have been infected.
Trying to chart Code Red's progress in Egypt is fiendish, simply because there is no authority capable of performing such a task effectively. Even the Central Agency for Mobilisation and Statistics (CAPMAS) has not thus far reported any damages from the worm, although there is no doubt that the worm reached Egypt at some point or other, argues Youssef.
But other analysts disagree, arguing that Egypt might be immune to Code Red II because so few users actually have Windows NT or 2000, relying mostly on Windows 95 and 98. Nasser Fouad, secretary-general of the Egyptian Software Alliance told Al-Ahram Weekly, "None of my clients has complained [of contracting the worm]; neither the banks nor the exchange bureaus."
Such analysts feel Egypt is safe: for now. It is unlikely that there will be a Code Red III. And if there is, by that time existing flaws in the system should have been fixed. "The threat is low due to the procedures taken to fix the problems allowing the worm to spread," says Youssef.
Recommend this page
© Copyright Al-Ahram Weekly. All rights reserved
Send a letter to the Editor

Clic here to read the story from its source.