* subscribe at http://techPolice.com 

Monday, Aug. 6, 2001 

SAN FRANCISCO (Reuters) - They came to dine on filet and smoked duck
but a computer worm ended up as the main course.

A group of high-powered Internet security experts took their laptops
to dinner on Saturday and between courses began analyzing the virulent
new worm that now threatens the Web, the researcher who hosted the
gathering said Monday.

Analysts from Microsoft, Symantec, Computer Associates, Deloitte &
Touche and the U.S. Naval Fleet Warfare Center among others had been
gathered at the third annual NTBugTraq retreat in Canada when the
first reports of Code Red II circulated, said Russ Cooper, surgeon
general of TruSecure Corp.

The group, representing about 20 companies, was finishing up a
six-course dinner that included smoked duck, filet mignon and South
Australian Shiraz wine on Saturday night at Cooper's home in Lindsay,
Ontario, he said.

``It was a meal with laptops beside the dinner plates,'' said Cooper,
who runs the NTBugTraq email list where security alerts about Internet
viruses are routinely distributed.

Nick Fitzgerald, who works for Computer Associates in New Zealand, was
checking his email when he found an alert for members of the Computer
Antivirus Researcher's Organization (CARO) around 10:30 p.m. EDT,
Cooper said.

The email, from a Romanian researcher for Cambridge, England-based
antivirus firm Kaspersky Labs, warned of a new Code Red worm.

The group gathered around the dinner table in Canada then managed to
get a copy of the worm and began disassembling its code, while
communicating with researchers in other countries via instant
messenger, Cooper said.

At 12:30 a.m. EDT, ``we were talking on the phone with a network
administrator in Australia, comparing log entries,'' he said. ``We did
pretty much cover the globe in terms of speaking to experts around the

Cooper e-mailed a copy of the worm to Bruce Hughes, a manager in
TruSecure's Internet Computer Security Association (ICSA) antivirus
testing lab, dubbed ``Death Row.''

After being awakened by Cooper's phone call, Hughes drove to the lab
in Carlisle, Penn., and got busy infecting several of its 165
computers with the worm to see how it operates, Cooper said.


Cooper sent out his first Code Red II advisory to the NTBugTraq email
list around 11:30 p.m. EDT on Saturday and another one at 5:20 a.m.
EDT on Sunday, around the time the group was finally calling it a

``We had it pretty well sussed out at that point,'' he said. ``We knew
what it could do and how to stop it.''

Other efforts to dissect and analyze the worm were going on at the
same time.

