Stepping up Net security
30th July 2001 (Computimes)

THE National ICT Security and Emergency Response Centre (Niser) has advised local organisations to take serious efforts to beef up their computer systems security in the wake of rising computer virus attacks.

One of the more recent attacks, the Code Red worm, caused network interruptions in many entities and could have created more severe damage had it not been detected and identified earlier.

Niser's assistant director Raja Azrina Raja Othman said Code Red is an Internet worm which like other recursive programs can flood the network severely as well as carry "expensive" payload.

She said the worm is not the same type as macro and computer viruses such as Melissa and CIH which propagate via electronic mail.

"The Code Red worm actively scans and infects without initiation or intervention from any human action. Thus, the effect can be tremendous."

Raja Azrina said the worm seemed to behave within a certain time frame. "It builds a database of Internet protocol (IP) to be scanned and repeatedly scanned the network to identify, attack and infect the computers. If it had not been coded to be time-based, the damage could be have been more severe," she said, adding that the whole Internet was believed to be widely scanned during the four days from July 17 to 20.

Raja Azrina said many organisations which experienced network interruptions, especially on July 18 and 19, were not able to determine the cause, except for a few which forwarded the logs to Niser.

"We helped them to identify the Code Red worm and advised on what needs to be done," she said, adding that Niser received probes from over 500 hosts, most of which are foreign based.

Raja Azrina advised organisations to look at their network design, network security requirements, and policy and procedures to mitigate the risk of virus and worm attacks. Details on the new threat can be found at Niser's Web site (http://www.mycert.org.my) under the "Alert" heading.