Log In

Reset Password
BERMUDA | RSS PODCAST

Code Red virus expected to strike

WASHINGTON (Reuters) - The fast-spreading "Code Red" Internet worm, which disrupted US government Web sites last week, is likely to start multiplying again today and could slow the Internet worldwide, officials said yesterday.

Code Red, which first surfaced in mid-July, is expected to re-emerge at 9 p.m. Bermuda time today, according to the FBI's National Infrastructure Protection Center (NIPC) and other online security watchers.

"There is reason for concern that mass traffic associated with the worm's propagation could degrade the overall functioning of the Internet and impact ordinary users," said NIPC Director Ronald Dick at a news conference.

Computers running the Windows NT or Windows 2000 operating systems and Microsoft's Internet Information Server (IIS) software version 4.0 or 5.0 are vulnerable to infection and the users should install a software patch. Instructions for the patch are available at www.digitalisland.net/codered.

Computer users running Windows 95, Windows 98 or Windows Me are less vulnerable, and no action was recommended for them.

For infected computers, turning the machine off and then on gets rid of the worm but does not provide immunity from future infection.

Code Red was first noticed in mid-July and appeared to spread most virulently on July 19, but has been largely dormant since about July 23, experts from industry and government said at the news conference to publicise the software patch.

The worm was expected to strike again this evening at the hour corresponding to the first instant of Wednesday, August 1, based on so-called universal time, which is the same as Greenwich Mean Time.

The worm, named for a caffeinated soft drink favoured by computer programmers, works by installing itself on server computers that then are instructed to blitz government Web sites and others with data, which can slow them down.

"What makes this one different from any other is how dramatically ... it has been able to propagate itself and the viciousness associated with that," Dick said.

The worm can also deface sites, though in two of the three known variants, no vandalism is apparent to computer users. In last week's hits, some US government sites showed the message "Hacked by Chinese."

It scans the Internet, looking for other computers to infect, and as more and more computers are infected the scanning gets more widespread.

"This uncontrolled growth in scanning directly decreases the speed of the Internet and can cause sporadic but widespread outages among all types of systems," the online security watchers said in a joint statement.

The version of Code Red that could hit Tuesday "has mutated so that it may be even more dangerous," the statement warned. "This spread has the potential to disrupt business and personal use of the Internet for applications such as electronic commerce, e-mail and entertainment."

While the White House Web site managed to avoid disruption when the worm surfaced on July 19, the Pentagon temporarily cut off public access to hundreds of its Web sites on July 23 to guard against it. Public access was restored to the Defense Department sites on July 24.

Dick noted that on July 19 alone the worm had infected more than 250,000 computer systems in just nine hours and it was estimated it could affect 500,000 Internet addresses in a day.

He said the source of the worm was being investigated, but said it was up to the users of the Internet to take the measures needed to secure the net from such attacks.

Russ Cooper of security services company TruSecure Corp. said Code Red is "huge" compared to the Melissa and ILoveYou viruses.

Code Red is "enough to cause the meltdown of the Internet," Cooper told Reuters. "Whether your machine is vulnerable or not, if 300,000 machines all try and send you 8 kilobytes of data, you won't be able to use the Net in the process."