ISS' Chris Klaus: 'Worm splatterer'
'Code Red': Is the worm a slug?
By Porter Anderson
(CNN) -- Despite Christopher Klaus' warning that "It's becoming a smarter worm," there were no reports of immediately detectable negative impact from the "Code Red" computer worm a couple of hours after it was expected to have launched new infections online.
Klaus of Internet Security Systems (ISS) said he and his 200-plus X-Force researchers aren't sure that patches meant to stop the "Code Red" computer worm will hold against the worm's action. A re-launch of the worm's infectious replications of itself had been anticipated to start at around 8 p.m. EDT Tuesday.
A couple of hours into the predicted launch period, one of Klaus' executives at ISS, Tari Schreider, vice president of global operations, said the propagation appeared to be slow and perhaps not mutated as Klaus and others had feared.
"It's a very similar 'storm path' as the first attack," Schreider said, meaning something security specialists could feel familiar with and prepared for.
Earlier, Klaus had foreseen an adjustment to the worm's propagation algorithm that might make it harder to stop, even with patches in place. "The original author of the worm or someone else has come in and optimized the propagation algorithm," Klaus said, wryly calling himself the cyber-counterpart to a ghostbuster: "I'm a worm splatterer."
Two important points:
The Code Red worm is not considered a threat to free-standing single computers, including home systems, although online users could encounter significant slowdowns in response. Indeed, surfers may run into disruptions of various sites' operations as the Internet becomes clogged with the worm's replications of itself. This worm's real targets are networks of computers, mostly large institutional networks, specifically those with the Microsoft IIS Web server software and Windows NT or 2000 operating systems.
Being a worm, Code Red doesn't arrive in e-mail as a virus might. It "worms" its way into computers.
And for the moment, Klaus and company are scanning the Net, watching, waiting, wondering if this week's resurgence of the worm could affect more than 250,000 computers as it did on first appearance, July 19.
"We knew about this vulnerability a month before the worm emerged," Klaus said. "If companies knew to scan even their perimeter machines, they could easily have seen this vulnerability and applied this patch and not be affected. I think what we're going to see is a new awareness around this and, as a result, new emphasis on planned vulnerability scanning so they have a fixed process."
'Very much the worm hunter'
Klaus, 27, is a native of Sarasota, Florida, and said his youth as a nerd -- and a boyhood reading of William Gibson's 1985 novel "Neuromancer" -- got him started early in computers.
"In the beginning days, I was very much the worm hunter," he said. While still a senior in high school, Klaus started work on software that could identify and fix network security weaknesses -- those "vulnerabilities" he talks about.
"A friend of mine who was going to New College," a campus of the University of South Florida in Sarasota, "showed me a summer internship at the U.S. Department of Energy," Klaus said. "You got to work on supercomputers, large networks, all kinds of really nerdy things."
While an engineering undergraduate at Georgia Tech, Klaus released Internet Scanner, his first security software, as a free application on the Internet. It was so successful that he left school in his sophomore year and founded ISS, which last year pulled in $195 million in revenue, trading since 1998 (ISSX) on Nasdaq. He recently donated $15 million to Georgia Tech for an advanced computer technology building.
By last January, ISS had seen 22 consecutive quarters of growth and had a total work force of more than 1,200. Last month, ISS acquired Network Ice, which makes the highly regarded Black Ice Defender security software. And on Monday, ISS' X-Force director Chris Rouland appeared as a commercial security industry representative on the National Infrastructure Protection Center panel that gave a news conference in Washington on Code Red.
Today, if anything, Klaus said he and his ISS associates would like to see the Code Red worm act as an alarm, itself, to corporations. "Many companies, even large ones," he said, "have yet to get long-term, multilayer security approaches.
"Anti-virus software does nothing to stop a worm," Klaus said. "Firewalls can't stop a worm. We're preaching those burglar alarm systems with IDS capability" -- intrusion detection systems -- "and vulnerability scanning."
And, like so many others, Klaus and his colleagues at ISS will continue in the ensuing hours and days to scan for what evidence may be out there -- of the Code Red worm turning again.