Hack Attack Part II

Just as this column was expounding on the virtues of protective firewalls, whether they be of the hardware or software variety, hackers pulled off another coup – proving once again that security, where the Internet is concerned, is a relative term.

Two highly contagious worm viruses made the news last week, inconveniencing millions by causing temporary shutdowns around the world. Neither worm will cause any permanent damage to Web servers, but that’s hardly the biggest worry. As long as the Internet is at the mercy of the mischievous, the online world will never be safe.

Right now these invasions are a little like someone breaking into the Louvre to look at the pictures. It’s only a matter of time, however, before thieves take something important or some psychotic torches the place.

A worm virus known as "Code Red" either affected or shut down over 225,000 Web servers and network systems around the world. A number of servers hosting Whistler sites were briefly affected, including the server for Pique NewsMagazine’s own site.

While most of these Code Red worm attacks were generally mindless, the person who wrote the code had a specific target in mind – the White House. The White House site was back up and running in no time, but with a few alterations that took a little longer to catch – while the worm was tying up the system, it appears that a hacker actually managed to get into Whitehouse.org and alter President George W. Bush’s inaugural address.

Here are a few highlights of the revised speech, in case you missed out:

"As I begin, I thank President Clinton for his service to our nation and our interns… And I thank Vice President Gore for a contest conducted with great woodenness and concluded so inconclusively. I am honored and humbled to stand here, where so many of America’s leaders have come before me, and where so many Bushes will follow. It’s hard to believe that two short weeks ago I couldn’t even spell Washington.

"We have a place, all of us, in a long story – a story like my pappy once told me, where a walrus and a carpenter set out to find some oysters. I’m sorry, I got distracted. Is anyone else here hungry? A guy gets appointed head of the free world and he can’t even get an appetizer at his own coronation. Stop kicking me… Oh yeah, the story.

"It is the American story – a story of flawed and fallible people, united across the generations by grand and enduring ideals. I think. Maybe that’s grand and ensuring. This ain’t a very good story, is it?"

Code Red destroyed and deleted some files as it jumped from place to place via the Internet, but for the most part it slowed system performance and created system instability. An analysis of the worm found that the infected computers were programmed to hit the White House computers on Thursday evening with a denial of service attack – essentially sending hundreds of thousands of messages to Whitehouse.org simultaneously to overwhelm the server.

Security analysts had been aware that Code Red existed weeks before the attack, but were unable to get ahead of it. CERT (www.cert.org), a kind of clearinghouse for hack attacks offering fixes and virus patches, had a solution available. Most of the affected servers were back up and running by the end of the day with the help of CERT and other virus protection services. Code Red only affected Web servers running Microsoft’s IIS on Windows.

The second worm is called "Sircam," and if it’s not in your e-mail inbox already it’s probably on its way. Like a lot of the more troublesome worm viruses out there, Sircam propagates itself via e-mail, using Microsoft Outlook Express or another e-mail application to send itself to everyone in your address book.

The person on the receiving end gets an e-mail from a friend or an associate and opens the e-mail and the attachment. Once the attachment is opened, Sircam sends itself to everyone in his or her address book, and so on and so on. What makes Sircam hard to protect against is the fact that it uses randomly selected subject lines and messages, like "I send you this file in order to have your advice" and "See you later! Thanks".

This wouldn’t be so bad except that Sircam isn’t content to procreate – it likes to recreate as well, potentially embarrassing affected persons.

While it’s in your computer, Sircam scans your "My Documents" folder and sends a few files with the ".doc" and ".jpg" extensions along to everybody in your address book. That’s not good if it’s proprietary business information, a sonnet you wrote to your intern, or a naked picture of your best friend’s wife.

Tips on removing Sircam from an infected computer are available on most anti-virus Web sites.

While most viruses are easily intercepted and the public usually has some kind of warning, worm viruses are a little different in that they can wait, hide, and find their way into almost any system, provided you let them.

It’s not enough to respond to worm and virus alerts. Keeping your server and your inaugural speech safe means keeping up to date on all the latest viruses, worms, or other unwelcome invasions. You snooze, you lose.

www.cert.org – Carnegie Mellon Software Engineering Institute

www.eeye.com – eEye Digital Security

www.zdnet.com – Computer newswire

www.microsoft.com/technet/ – Microsoft’s virus and security centre for Office and Windows software.

www.apple.com/support/security/ – Apple’s virus and security centre for proprietary and Apple OS platforms.