Businesses around the world are preparing for the latest strain of
the Code Red worm, which is set to strike Microsoft IIS Web servers
on Wednesday.
Microsoft released a patch for download on its Web site on 18 June,
but analysts estimate there are still up to 300,000 systems open to
attack.
Security experts believe that the majority of those who have failed
to deploy the patch so far are smaller companies or home users.
Most large organisations, if they haven't yet deployed the patch,
are certainly aware of the security risk.
Eric Chien, chief researcher at Symantec's anti-virus research
centre, said these users were often reluctant to take their systems
down to install the patch, because it requires systems to be
re-booted.
"For large corporations [that haven't yet installed the patch],
it's having the time to do a restart or bringing down the Web
server. They also like to test everything before installing it,"
Chien said.
But reluctance could have a potentially disastrous effect on a
business if the worm gets a firm grip on its targets.
"I think it's a case of you've got to install it, or you're in
trouble," said Alex Shipp, anti-virus technologist at managed
security services provider, Message Labs. "If you're vulnerable,
your computer will be found very quickly and exposed."
Shipp suggested some reports of the worm's impact were overstated.
"I don't think we'll see a meltdown of the Internet but I think
there will be problems, especially with slow links," he said.
According to Alan Lawson, research analyst at the Butler Group, the
complacency of IT administrators will cause a far bigger problem.
"It's always strange to see [so many people ignoring warnings], and
it's such a simple patch to install," he said. "I think it boils
down to the priorities of the IT administrator - I think it's
complacency."
Lawson explained that many users think having a firewall is the
solution to all security issues.
Ovum analyst Graham Titterington told CW360 that users who have
been slow to upgrade were balancing fear of attack with fear of
disrupting their systems.
"One of the big problems with security issues, particularly those
that affect IIS servers, is that most companies are not very good
at installing patches. This is in part due to fear of the
consequences of tinkering with a system that is working fine. There
is a strong temptation with something as complex as operating
system software to leave well alone."
Many corporate users are taking the threat seriously. The airline
BMI British Midland, for example, is weighing its options.
"We have read the notification about its content [Code Red] and
we're looking at its security implementations," said David
Whisdish, computer services manager at the airline. "We will take
the necessary action and if it requires us to take the Internet
server down, we most certainly would."
Jose Lopez, lead analyst for the European networking service at
Frost & Sullivan, said the worm's authors might have been hoping
to create panic. "E-mail and information about the worm can
collapse the network," Lopez warned. "That's probably one of the
intentions of the people that are releasing this virus; to create
chaos in the network."