US sounds alarm over "Code Red" worm

Government and corporate officials are urging users of some Microsoft operating systems worldwide to guard against the "Code Red" worm that could cause widespread slowdowns and sporadic outages on the internet.

"The internet has become indispensible to our national security and economic well–being," Ron Dick, head of the National Infrastructure Protection Centre, an arm of the FBI, said yesterday. "Worms like Code Red pose a distinct threat to the internet."

Along with posting various warnings on their web sites, federal officials and representatives of Microsoft Corp. were holding a news conference today to publicice their efforts.

The government routinely works with private companies to issue warnings about new computer viruses and attacks by hackers, but the high–profile warning in this case was unprecedented.

While the actual infection rate is unknown, it is believed to be in the hundreds of thousands of internet–connected computers. In just the first nine hours of its July 19 outbreak, it infected more than 250,000 systems.

The government–funded Computer Emergency Response Team said the worm is predicted to start spreading again Tuesday at 8pm EDT (0000 GMT Wednesday).

"This spread has the potential to disrupt business and personal use of the internet for applications such as electronic commerce, e–mail and entertainment," a CERT advisory warns.

Officials are frustrated that even though a software inoculation was made available over a month before the worm's first attack, many computers are still defenseless. The patch, which will protect computers, can be found on Microsoft's web site.

The worm defaces web sites with the words "Hacked by Chinese." While it doesn't destroy data, it could be modified to do so. At least two mutations have already been found.

Code Red exploits a flaw discovered in June in Microsoft's Internet Information Services software used on internet servers. It is found in Windows' NT and 2000 operating systems.

Only computers set to use the English language will have their Web pages defaced and users of Windows 95, Windows 98 or Windows Me are not affected. For the first 20 days of every month, the worm spreads. From the 20th on, it attacks the White House web site, trying to knock it offline.

The White House took precautions against it, changing its numerical internet address to dodge the attack.

Even though the target has moved, the infected computers will still launch their attack. This, officials said, could slow down the internet and cause sporadic but widespread outages.

Last week, the Pentagon was forced to shut down public access to all of its web sites temporarily to purge and protect them from the Code Red worm.

Because Code Red spread so quickly, security companies have not been able to figure out who wrote and released it.

Code Red also can damage smaller networks by affecting a certain type of internet routers, made by Cisco Systems, used for data traffic control.

Comments