Officials Caution Belated Web Worm Effects

ByABC News
July 31, 2001, 2:17 AM

N E W   Y O R K, July 31 -- Government officials said tonight they had no reports of the "Code Red" computer worm's return, but warned the effects of an attack may not be felt immediately.

"It will be some time before we can make any definite conclusions," Ronald Dick, director of the FBI's National Infrastructure Protection Center (NIPC), said at a press conference tonight. "The storm has not passed yet."

The Code Red worm, which first infiltrated thousands of systems almost two weeks ago, was set to resurface at 8 p.m. ET.

The NIPC as well as Microsoft and other government and private Internet security groups issued an advisory about the worm, which is intended to create outages on major Web sites, and could significantly slow down Web traffic in the process. Officials urged Web site operators to download a patch from Microsoft's site intended to protect computers against Code Red.

FBI officials said more than a million people had downloaded the patch. Though it was impossible to estimate how many computers were protected from Code Red, officials seemed optimistic.

"The world notification [of Code Red] has paid huge dividends," Dick said. "The media and its coverage of this has done a huge public service."

Government officials said there had not been any reports of mutations of the computer worm. But experts warned that no one should breathe a sigh of relief just yet.

"It's not going to start like a horse race, with everything going at once. As of yet we have no reports of interruption in service," said Jerry Freese, director of intelligence at Vigilinx, a digital security solutions provider monitoring Code Red. "There have been some reports of slowed traffic but nothing alarming. But we're still watching for slowed Web traffic, scanning and interruptions in security. We haven't heard anything, and I guess that's a good sign. But basically we have to wait and see."

A Long Cycle

Code Red's effects may not be immediately apparent because it has a long cycle. It operates in two phases over a 20-day cycle: for the first 19 days, the worm spreads onto unprotected servers. From each of those, it attempts to latch on to 99 new servers. On the 20th day, the computers carrying the worm are instructed to bombard the target Web site.