Rumors Surrounding the “Code Red” Epidemic Are Just That – Rumors; However,
“SirCam” Is Still an Epidemic
As previously reported, some US and British organizations spread the word at
the beginning of this week about a possible repeat of the "Bady" (Code Red)
Internet-worm epidemic. As a result of the announcement being reported
throughout the world, the facts were distorted, causing a real panic amongst
Internet users influenced by the inaccurate information.
“Virtually all messages concerning Bady that have been registered with us
since the beginning of the week have come from home users, who worried about
their computer security in vain. Frankly speaking, all of them were
confused by the incorrect mass media announcements,” commented Denis Zenkin,
Head of Corporate Communications for Kaspersky Labs.
As a result of the mass spreading of these rumors, Kaspersky Labs considers
it necessary once again to note that Bady poses no threat to home users. The
current Internet-worm is capable only of infecting computers running
Microsoft Windows 2000 and Microsoft Internet Information Server (IIS) with
the Indexing Service switched on. This configuration of software is used
exclusively on special servers, and home computers and office workstations
operating any Windows version (including Windows 2000) are not exposed to
the Bady attack.
Other confusing factors furthering the rise of virus hysteria were the
predictions of a repeat of the July Bady epidemic. At that time (July), the
worm infected more than 350,000 Web-servers around the world and conducted a
massive DDoS attack on the US White House Web-site (www.whitehouse.gov),
causing a temporary disruption in the site’s operation. As Kaspersky Labs
announced on July 31, a repeat of the Bady epidemic did not occur, and,
moreover, our technical support department did not note even one occurrence
of infection by Bady.
Unfortunately, the groundless panic surrounding Code Red has distracted user
attention from the actual danger caused by the continuing epidemic of the
SirCam network worm. The level of infection by SirCam has already eclipsed
that of “LoveLetter” and “Melissa” combined, and a decline in the number of
infections caused by SirCam has yet to be seen. Unlike Bady, SirCam poses a
threat to home users and corporate clients connected to the Internet. This
worm distributes random files via e-mail without authorization, in such a
way that an infected computer could disclose sensitive documents and other
confidential information to recipients in the address book.
One of the reasons the SirCam epidemic has not weakened is the lack of
attention paid to this real danger as a result of the uproar concerning
Bady. Most of all, US government organizations have tried to avoid a repeat
DDoS attack on the White House Web-site, which could have actually occurred
had system administrators not successfully installed the special patch
protecting the IIS system. However, as a result of the media’s reporting of
the first Bady epidemic, the protective patch had been installed on the
overwhelming majority of IIS servers.
Along with this, millions of average computer users have been left
neglected. It would have been better to pay closer attention to thwarting
SirCam rather than Bady, and as a result of this neglect, within the past
two weeks, SirCam has seized the top spot as the most widespread malicious
code, exceeding many times over the infections caused by other programs of
Neutralizing procedures for SirCam have been added to the Kaspersky
Anti-Virus database as of July 17 of this year.