Current weather

  • Scattered clouds
  • 54°
    Scattered clouds

'Code Red' worm takes hold on almost 150,000 computers

Posted: Thursday, August 02, 2001

WASHINGTON -- The viruslike ''Code Red'' worm infected computers around the world Wednesday, although the outbreak wasn't as severe as predicted.

''We're still watchful, but for the first time, we're hopeful as well,'' said Alan Paller, research director at the SANS Institute, a computer security think tank working with the government to monitor the Internet.

He said despite the good news, they had detected new variations of the worm and were working overnight to analyze them and their capabilities.

Almost 150,000 Internet-connected computers running Microsoft's NT or Windows 2000 operating system had been infected by Code Red by late Wednesday night, according to SANS data. Although the rate of infection doubled each hour early on, the rate of increase gradually abated.

''We can't say for certain the threat has been eliminated,'' said Ron Dick, head of the FBI's National Infrastructure Protection Center.

The Pentagon had to shut down public access to many Defense Department Web sites again, a week after it shut down most military sites to protect against Code Red.

A spokesman said the Pentagon system was slowed and one civilian agency's server was infected.

''We remain vigilant in monitoring this situation,'' said a joint statement by the FBI, White House and other officials Wednesday night.

Unlike a computer virus, which needs a person to help it spread, a worm infects other computers on its own. It does not affect most home computers.

Officials worried that the outbreak would be as crippling as Code Red's first appearance on July 19, in which over 250,000 systems were infected in its first nine hours. As a result, there were widespread slowdowns and outages across the Internet. This time, after Code Red launched at 7 p.m. EDT, the worm has had a much lower infection rate.

German, French and British officials reported that Code Red's impact was minimal.

''Fears that the worm would have a potentially devastating effect on the Internet seem to have been unfounded,'' said a statement from Britain's Home Office, the country's top law enforcement institution.

But foreign and American computer experts continued to warn that computer users should still download a software patch from Microsoft to inoculate their systems from the worm.

Web site administrators running Microsoft Windows NT and 2000 operating systems, along with the Internet Information Services software, are vulnerable unless the patch is installed. Users running Windows 95, 98 or Me are not affected. Experts worried that newly discovered versions of the worm can be reprogrammed to launch crippling attacks on any Web site. They also warn that the danger is far from over.

Code Red is programmed to keep trying to infect computers until the 19th of the month. After that, it goes into attack mode, sending junk data to the White House's Web site.

Even though the White House moved its numerical Internet address last month to dodge the first outbreak, the attack may have the unintended affect of clogging up the Internet causing slowdowns.

This is similar to millions of phone calls to a wrong number not affecting the intended recipient, but the calls themselves still jamming phone lines for everyone else.

FBI officials said over a million people had downloaded the patch from Microsoft, although it was impossible to guess how many computers have actually been fixed.

Experts' predictions ranged from the infection of a million or more computers and a massive Internet slowdown to little effect. The government took few chances, pressing to get as many Web site operators as possible to inoculate their systems before the attack.

Code Red is the most infamous computer worm since the first worm, created in 1988, which took down most of the fledgling Internet.

Owners of infected computers can turn their computers off and on again to clear out the worm, but they still need to install Microsoft's patch to keep from being re-infected.

------

On the Net:

SANS Institute: http://www.sans.org

National Infrastructure Protection Center: http://www.nipc.gov

Microsoft Security Patch: http://www.microsoft.com/technet/security/bulletin/MS01-033.asp

Code Red technical data: http://www.digitalisland.net/coderedalert



CONTACT US

  • 150 Trading Bay Rd, Kenai, AK 99611
  • Switchboard: 907-283-7551
  • Circulation and Delivery: 907-283-3584
  • Newsroom Fax: 907-283-3299
  • Business Fax: 907-283-3299
  • Accounts Receivable: 907-335-1257
  • View the Staff Directory
  • or Send feedback

ADVERTISING

SUBSCRIBER SERVICES

SOCIAL NETWORKING

MORRIS ALASKA NEWS