One week ago, at 2100 GMT, hackers tried to cripple nine of the Internet's 13 root domain name system (DNS) servers, machines that form the backbone of the net by linking all domain names to numerical Internet Protocol (IP) addresses. For approximately one hour, these root servers endured a bombardment of requests—a 40 percent increase over their normal traffic—from "zombie" machines under the hackers' control. Seven of the machines were completely incapacitated by the deluge, known as a distributed denial of service attack (DDoS).
Had the attack lasted for more than an hour and affected more machines, the hackers may well have crashed the DNS servers—and the Internet with them. By several accounts, it was one of the most sophisticated cyber-attacks yet. What is certain is that this assault—now under investigation by the FBI and the White House—probably won't be the last. Hackers aside, DNS servers make attractive targets for terrorists, warns President Bush's cyber-security advisor Richard Clarke.
Little more than a year ago, the Code Red worm tried to bring down the Net in a similar DDoS attack. Hacker Carolyn Meinel dissected the worm's ways for Scientific American and explained how a more successful DDoS attack in the future might possibly bring manufacturing to a halt, wipe out bank records, interrupt telephone service and much worse. That story follows. —the Editors
"Imagine a cold that kills. It spreads rapidly and indiscriminately through droplets in the air, and you think you're absolutely healthy until you begin to sneeze. Your only protection is complete, impossible isolation," says Jane Jorgensen, principal scientist at Information Extraction & Transport, Inc., of Arlington, Va. Jorgensen researches Internet epidemiology for the Defense Advanced Research Projects Agency (DARPA).
A Web version of this disease scenario has arisen over the past two weeks that has computer security researchers more frightened than ever before. They're worried about Code Red, a new Internet worm that infects the Microsoft Internet Information Server (IIS). Many of the most popular Web sites run on IIS. Code Red conducts a "distributed denial of service" (DDoS) attack, in which the invading agent overwhelms a Web site by directing computers to deluge it with spurious connections.
Chillingly, the recent Code Red attack may be a forewarning of similar but much more virulent Internet infections in days to come, researchers say. And future covert assaults on your own PC could force it to become an unknown hacker's unwitting pawn—in the lingo, a "zombie"—in the next round of computerized carnage.
Although previous Internet plagues brought about by the Melissa and I Love You bugs infected millions of computers, they caused only rather minor damage to each host. And whereas previous DDoS attacks infected hundreds or perhaps a few thousand computers, the current Code Red version 2 (CRv2) worm successfully invaded hundreds of thousands of machines in just a few hours. Had the Code Red vector been a bit more sophisticated, it could have caused real trouble for businesses and nations in the developed world, say the experts. Further, if an attack like this occurs a few years hence, when public, commercial and governmental reliance on the Internet will have grown exponentially, the results could be truly disastrous.
Though popularly called viruses, Code Red and many of its notorious predecessors are technically considered worms. A virus must incorporate itself into another program to run and replicate. In contrast, a worm is a self-replicating, self-contained program.