BBC News

The BBC's Kevin Anderson:
"Worms don't need any intervention to make their way across the internet."

Roland Dick, Computer security expert:
"The internet could be seriously degraded by the Code Red worm."

The BBC's Nick Thatcher:
"It could have a profound effect."

Monday, 30 July, 2001, 13:07 GMT 14:07 UK

Internet's 'very real' virus threat

Code Red has targeted the White House website

The United States Government, security watchdogs and computer companies have issued warnings to organisations throughout the world urging them to protect themselves against a malicious program known as the Code Red worm.

Representatives of the White House, FBI, the Computer Emergency Response Team (Cert), Microsoft and others have posted warnings, and are planning a news conference on Monday to highlight the dangers of the worm.

Ron Dick, head of the US National Infrastructure Protection Centre (NIPC), said worms like Code Red posed a distinct threat to the internet.

The worm has already infected hundreds of thousands of systems, and experts are now divided over whether it will try to infect even more machines on 1 August.

White House web attack

Earlier this month, the White House was forced to change the net address of its public-facing websites following warnings that Code Red had infected many thousands of machines and was about to flood it with bogus data requests.

In Code Red's first search-and-infect wave, which ended on 19 July, the Code Red program is thought to have installed itself on more than 250,000 machines.

Now, the Code Red program is about to launch a search for more machines to infect.

Experts fear the wave of scanning this will unleash could cause problems for net users.

Computers generating copies of the worm could slow down, and Cert warns that the consequent increase in net traffic could "cause sporadic but widespread outages among all types of systems."

Thankfully, a bug in Code Red means the program is not as virulent as it might be. The method it uses to generate a list of machines to scan for vulnerabilities is flawed and many copies of the program are expected to interrogate the same machines.

The Code Red program is more properly known as a worm because it can spread across networks and infect new machines with no help.

The Pentagon had to pull the plug on its public-facing sites

In a bid to stop the worm infecting computers, security experts are urging users to visit Microsoft's website and download a program that closes the loophole Code Red exploits.

The loophole is found in versions 4.0 and 5.0 of the Internet Information Services software bundled into Microsoft's Windows 2000 and NT operating systems. Windows 95, Windows 98 and Windows Me users are unaffected.

Machines running non-Microsoft operating systems will also be unaffected.

Cert has speculated that the worm may have reached all the machines that are vulnerable to infection and might spread no further. Experts are also debating whether it will wake up again on 1 August.

Last week, the threat of infection by Code Red forced the US Defence Department to pull the plug on its public-facing sites for four days while it disinfected servers and closed loopholes that could let the program through.

Many anti-virus companies have now issued software that helps system administrators work out if they are vulnerable, and search for and purge the Code Red worm from their machines.

The worm also defaces the web pages of infected machines with text reading "Hacked by Chinese" for a few hours before deleting the text and then lying dormant until it is due to launch more scans for vulnerable machines.

Already two variants of the Code Red worm have been found.