* subscribe at http://techPolice.com Monday, Aug. 6, 2001 SAN FRANCISCO (Reuters) - They came to dine on filet and smoked duck but a computer worm ended up as the main course. A group of high-powered Internet security experts took their laptops to dinner on Saturday and between courses began analyzing the virulent new worm that now threatens the Web, the researcher who hosted the gathering said Monday. Analysts from Microsoft, Symantec, Computer Associates, Deloitte & Touche and the U.S. Naval Fleet Warfare Center among others had been gathered at the third annual NTBugTraq retreat in Canada when the first reports of Code Red II circulated, said Russ Cooper, surgeon general of TruSecure Corp. The group, representing about 20 companies, was finishing up a six-course dinner that included smoked duck, filet mignon and South Australian Shiraz wine on Saturday night at Cooper's home in Lindsay, Ontario, he said. ``It was a meal with laptops beside the dinner plates,'' said Cooper, who runs the NTBugTraq email list where security alerts about Internet viruses are routinely distributed. Nick Fitzgerald, who works for Computer Associates in New Zealand, was checking his email when he found an alert for members of the Computer Antivirus Researcher's Organization (CARO) around 10:30 p.m. EDT, Cooper said. The email, from a Romanian researcher for Cambridge, England-based antivirus firm Kaspersky Labs, warned of a new Code Red worm. The group gathered around the dinner table in Canada then managed to get a copy of the worm and began disassembling its code, while communicating with researchers in other countries via instant messenger, Cooper said. At 12:30 a.m. EDT, ``we were talking on the phone with a network administrator in Australia, comparing log entries,'' he said. ``We did pretty much cover the globe in terms of speaking to experts around the world.'' Cooper e-mailed a copy of the worm to Bruce Hughes, a manager in TruSecure's Internet Computer Security Association (ICSA) antivirus testing lab, dubbed ``Death Row.'' After being awakened by Cooper's phone call, Hughes drove to the lab in Carlisle, Penn., and got busy infecting several of its 165 computers with the worm to see how it operates, Cooper said. KNEW HOW TO STOP IT Cooper sent out his first Code Red II advisory to the NTBugTraq email list around 11:30 p.m. EDT on Saturday and another one at 5:20 a.m. EDT on Sunday, around the time the group was finally calling it a night. ``We had it pretty well sussed out at that point,'' he said. ''We knew what it could do and how to stop it.'' Other efforts to dissect and analyze the worm were going on at the same time. http://www.siliconvalley.com/docs/news/svfront/007647.htm ============================================================ Buy Shoes Online at Zappos.com: 1. Fast, Reliable Site 2. Devoted Customer Service 3. Great Shoe Selection 4. Price, Fit, and Satisfaction Guaranteed. http://click.topica.com/caaabCgb1dhr0b2EDp2f/Zappos ============================================================ --via http://techPolice.com archive: http://theMezz.com/cybercrime/archive subscribe: [EMAIL PROTECTED] --via http://theMezz.com ==^================================================================ EASY UNSUBSCRIBE click here: http://topica.com/u/?b1dhr0.b2EDp2 Or send an email To: [EMAIL PROTECTED] This email was sent to: archive@jab.org T O P I C A -- Register now to manage your mail! http://www.topica.com/partner/tag02/register ==^================================================================