‘Code Red’ Computer Worm Goes Active



WASHINGTON — The “Code Red” software infection began to take hold Wednesday, infecting at least 22,000 Web sites and spreading fears of an Internet-wide slowdown. But officials remained hopeful that enough computers were inoculated to avoid major interruptions.

The infection rate seems to be on par with the worm’s first outbreak last month, said Alan Paller, research director at the Sans Institute, a computer security think tank working with the government to monitor the Internet. If it continues at its current rate, “We’ll see some substantial effects as we did on (July) 19th.”

While the worm is spreading exponentially, the rate is still slightly declining each hour, prompting officials to be more optimistic that they got the word out in time.

The FBI’s National Infrastructure Research Center reported that the worm was seen around the world.

“Early reports of activity spanning the entire globe, including the United States, indicate the worm has gone active and is presently spreading throughout the Internet,” according to a NIPC statement early Wednesday.

While regular Internet users hadn’t yet seen a slowdown, there were widespread problems July 19 causing some backbones – the superhighways of the Internet – to clog up. Code Red infected at least 300,000 Web sites during the first outbreak.

Early reports wondered whether those slowdowns were due to a Baltimore train crash that damaged some fiber-optic lines, but now officials blame the incident on Code Red. In July, the worm had only a day to spread before it was programmed to go into an attack mode against the White House Web site. But now the worm has much more time to do damage.

The worm can spread quickly without human intervention, but doesn’t affect most home computers.

The malicious program can only be stopped if enough Web site operators install Microsoft Corp.’s software patch, which plugs the security hole the worm uses to attack. FBI officials continued to implore computer users to download the patch.

FBI officials said late Tuesday that more than one million people had downloaded the patch from Microsoft (MSFT), although it was impossible to guess how many computers have actually been fixed.

Experts’ predictions ranged from the infection of one million or more computers and a massive Internet slowdown to little effect. The government took few chances, pressing to get as many Web site operators as possible to inoculate their systems before the attack.

Code Red infected several hundred thousand computers during its first outbreak July 19. Russ Cooper, surgeon general for TruSecure Corp., said the new spread could reach a half-million to a million computers within three days.

As a result, the infected computers would spew out more junk data than the Internet can handle, Cooper said, resulting in “a meltdown.”

“If it does slow down, as I expect it will, then you won’t even be able to get to Microsoft’s site to install the patch,” Mr. Cooper said. “I expect that to happen.”

Code Red is the most infamous computer worm since the first worm, created in 1988, which took down most of the fledgling Internet.

Other computer security experts were more measured in their predictions, saying that it would cause some troubles but that the onslaught of media coverage would prompt computer users to fix their systems.

David Perry, of antivirus program maker Trend Micro Inc. (TMIC), likened the strident warnings from government officials and constant cable television news coverage to stockpiling for the Year 2000 conversion.

“I would suggest that because of Code Red, there’s no reason to go out and buy mass quantities of beef jerky,” Perry said.

Experts worried that newly discovered versions of the worm can be reprogrammed to launch crippling attacks on any Web site. “This thing is just way too easy to modify,” Mr. Cooper said.

FBI spokeswoman Debbie Weierman said the government doesn’t know if all federal computers are protected, but a Pentagon spokesman said Tuesday that they believe Defense Department systems are safe. Last week, the Pentagon shut down public access to Web sites to purge the worm.

Web site administrators running Microsoft Windows NT and 2000 operating systems, along with the Internet Information Services software, should download the patch from Microsoft’s Web site. Users running Windows 95, 98 or Me aren’t vulnerable.

Copyright (c) 2001 Dow Jones & Company, Inc. All Rights Reserved