S'pore broadcaster invaded by Code Red worm

When users tried to download ringtones from Media Corporation of Singapore's Web site last Friday, they were greeted by a message--"Hacked by Chinese".

SINGAPORE--When users tried to download ringtones from Media Corporation of Singapore's Web site last Friday, they were greeted by a message--"Hacked by Chinese".

This was the same message which last week hit more than 15,000 English-language servers running Microsoft's Web server software. As earlier reported by ZDNet News, the Code Red worm slips through a security hole in Microsoft's server software--relied on by as many as six million Web servers.

In describing her encounter, one surfer said: "I went to the site to send my friend a ringtone. After submitting all the required fields, I got a 'blank page' with the words 'Hacked by Chinese'."

But MediaCorp maintained that its Web site was not compromised. "We have carried out a thorough investigation and found no evidence of the alleged Code Red worm (attack)," a company spokesperson said in an email interview.

She added that the company has, however, applied the patch from Microsoft as a precaution. "Although this is an isolated matter, we don't take this lightly." MediaCorp runs Microsoft IIS/5.0 on Windows 2000.

Security experts have said that system administrators might not be able to detect the intrusion as the worm executes only in memory and never writes any information directly onto the disk.

"That users have to pay the price for weaknesses in Microsoft's Web server software is already bad. Increasingly, we're seeing cases of system administrators neglecting to upgrade their anti-virus software or implement the relevant patches...knowing full well that IIS is unstable and worms (or viruses) can spread like wildfire," one security expert said.

In addition to seeking out new hosts to attack, the worm may attempt a denial-of-service attack. Also, the worm creates multiple threads, which can cause instability of the system, warned Symantec Corp.

If system administrators don't patch their systems by August 1, they could be reinfected with the worm.

As for MediaCorp, experts said the company must implement stringent security measures to avoid any untoward incidents, especially since its Web site was defaced on June 15, 1999.

Student Edwin Lim Zhaoming, then 18, hacked into the company's Web site, renaming it "Mediashitty". He also posted vulgar messages and abused Microsoft founder Bill Gates. Lim was sentenced to five months' jail.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All