Warning: Code Red Virus Returning

By
Peter Dizikes
January 7, 2006, 7:48 AM ET
3 min read

N E W   Y O R K, July 30, 2001 -- Government officials are warning that the "Code Red" computer worm could wreak more havoc on the Internet Tuesday evening.

"We are taking this worm most seriously due to its ability to proliferate at a dramatic rate," said Ronald Dick, director of the FBI's National Infrastructure Protection Center (NIPC) at a press conference in Washington this afternoon. He added: "Someone has purposely spread this worm and is trying to infect us."

The NIPC, along with Microsoft and other government and private Internet security groups, issued an advisory this afternoon about the worm, which is intended to create outages on major Web sites, and could significantly slow down Web traffic in the process.

According to the advisory, the worm could "could impact businesses and home users as the Internet slows down dramatically."

Computers with Microsoft's Windows NT, Windows 2000 and Internet Information Server version 4.0 or 5.0 are vulnerable.

However, according to a bulletin on Microsoft's Web site, "If you are using Windows 95, Windows 98, or Windows Me, there is no action that you need to take in response to this alert."

Worm Surfaced in White House Attack

The "Code Red" worm first surfaced on July 19, when hackers tapped into hundreds of thousands of servers in the process of attacking the White House's Web site. The site's technical team managed to fend off that attack, but the FBI says the virus is programmed to reactivate Tuesday at 8 p.m. ET.

"There will be a tremendous surge starting on July 31 at 8 p.m.," said Dick this afternoon, explaining that the worm is problematic because of its ability to spread quickly.

"On July 19 alone, the code red worm infected more than 250,000 computer systems in just nine hours," added Dick. "We have indications that a tiny percentage of infected machines are scanning the Internet now in search of new victims."

The Pentagon also shut down hundreds of Defense Department Web pages last week in order to install protection against "Code Red."

Experts have said that some versions of the worm install the phrase "Hacked by Chinese!" on the attacked Web sites.

Most home computers should not be affected by the worm, although, as Dick noted, "many people have this Web server product on their personal or business machines."

Preying on Security Flaw

The worm takes advantage of a security flaw in some versions of Microsoft's network servers, and instructs the servers to bombard government Web sites with streams of data. The company announced both the flaw and a patch to fix it on June 18.

The original attack on the White House's site came just one day before Attorney General John Ashcroft announced 10 new law enforcement units focusing on lawbreakers in cyberspace, declaring the teams would "prosecute vigorously those responsible for cybercrime."

But experts and Internet security specialists have not yet been able to determine who is responsible for unleashing "Code Red" upon the Web.