'Code Red' Continues to Spread

Code Red is programmed to do its damage over an extended period of time. It operates in two phases over a 20-day cycle: for the first 19 days, the worm spreads onto unprotected servers. From each of those, it attempts to latch on to 99 new servers. On the 20th day, the computers carrying the worm are instructed to bombard the target Web site.

Experts have said the worm installs the phrase "Hacked by Chinese!" on the attacked Web sites.

Two versions of the Code Red worm have been observed. Both take advantage of a security flaw in some versions of Microsoft's network servers and instruct the servers to bombard government Web sites with streams of data. The company first announced both the flaw and the patch to fix it on June 18.

Dick pointed out at a briefing in Washington on Tuesday that Code Red should not damage individual computers in the way that widespread viruses can.

"The damage from this particular worm is not necessarily from the intrusion into the systems itself," said Dick. "It doesn't go in and destroy files, it doesn't go in and alter data that we're aware of. Basically what it does is take advantage of the vulnerability of a Microsoft Internet service software and then launches on a pre-scheduled time service attack on a particular target."

More Worms on the Way?

The Code Red worm first surfaced last month when hackers tapped into hundreds of thousands of servers in the process of attacking the White House's Web site. The site's technical team managed to fend off that attack, and the FBI stressed the importance of preparing for the worm.

The FBI and other Internet security experts estimate more than 300,000 computers were infected on or soon after July 19. The Pentagon also shut down hundreds of Defense Department Web pages last week in order to install protection against the computer worm.

"We have no reason to believe any national security systems are going to be affected," added Dick.

The original attack, on the White House's site, came just one day before Attorney General John Ashcroft announced 10 new law enforcement units focusing on lawbreakers in cyberspace, declaring the teams would "prosecute vigorously those responsible for cybercrime."

But experts and Internet security specialists have not yet been able to determine who is responsible for unleashing Code Red upon the Web.

"It's unlikely that they will be found unless someone brags about it," says Moore. And other experts say similar attacks could be on the way.

"This has brought some new techniques in as far as writing a worm," says Simon Perry, vice president of security at software firm Computer Associates. "You will see copycats that use this as a propagating technique."

As Marty Lindner of the CERT Coordination Center concludes: "I think it's safe to assume that Code Red is the first of a new breed, and there will be more like it."

ABCNEWS' Bryan Robinson contributed to this report.
