'Code Red' Effects Go Undetected
By D. Ian Hopper
AP Technology Writer
Wednesday, Aug. 1, 2001; 12:11 a.m. EDT WASHINGTON Government and private security officials made a last-ditch effort Tuesday to persuade Internet site operators to inoculate their computers against the predicted return of the viruslike "Code Red" worm.
The worm was expected to become active at 8 p.m. EDT, but there was no sign it had gone to work by late Tuesday night, according to federal officials monitoring Internet traffic.
"There has been an amazing effort to ensure that the public and private sector proofed their computers against (Code Red)," said Ronald L. Dick, the director of the FBI's National Infrastructure Protection Center.
"As of now, the Internet is operating normally."
Officials said, however, it could be a day or two before any effects of the latest attack were noticed, as the worm or possible variants take hold.
The original Code Red worm took seven days to hit its stride, according to Alan Paller, director of research at the SANS Institute, a computer security think-tank.
"We don't know yet whether we are safe and we won't know for sure until seven days pass with no major disruptions" said Paller, who was helping the FBI monitor the Internet. "We never expected to know whether there was a problem today."
The worm can spread quickly without human intervention on unprotected Internet computer servers and threatened to slow down Web traffic. It does not affect most home computers.
The malicious program can only be stopped if enough Web site operators install Microsoft's software patch, which plugs the security hole the worm uses to attack.
FBI officials said late Tuesday that over a million people had downloaded the patch from Microsoft. Although it was impossible to guess how many computers have actually been fixed, the FBI seemed optimistic.
"This should have a measurable impact upon the overall effect of the worm," the FBI's National Infrastructure Protection Center said in a statement.
Experts' predictions ranged from the infection of a million or more computers and a massive Internet slowdown to little effect. The government took few chances, pressing to get as many Web site operators as possible to inoculate their systems before the attack.
Code Red infected several hundred thousand computers during its first outbreak July 19. Russ Cooper, surgeon general for TruSecure Corp., said the new spread could reach half-million to a million computers within three days.
As a result, the infected computers would spew out more junk data than the Internet can handle, Cooper said, resulting in "a meltdown."
"If it does slow down as I expect it will, then you won't even be able to get to Microsoft's site to install the patch," Cooper said. "I expect that to happen."
Code Red is the most famous computer worm since the first worm, created in 1988, which took down most of the fledgling Internet.
Other computer security experts were more measured in their predictions, saying that it would cause some troubles but that the onslaught of media coverage would prompt computer users to fix their systems.
David Perry, of antivirus program maker Trend Micro, likened the strident warnings from government officials and constant cable television news coverage to stockpiling for the Year 2000 conversion.
"I would suggest that because of Code Red, there's no reason to go out and buy mass quantities of beef jerky," Perry said.
Experts worried that newly discovered versions of the worm can be reprogrammed to launch crippling attacks on any Web site. "This thing is just way too easy to modify," Cooper said.
FBI spokeswoman Debbie Weierman said the government doesn't know if all federal computers are protected, but a Pentagon spokesman said Tuesday that they believe Defense systems are safe. Last week, the Pentagon shut down public access to Web sites to purge the worm.
Web site administrators running Microsoft Windows NT and 2000 operating systems, along with the Internet Information Services software, should download the patch from Microsoft's Web site. Home users running Windows 95, 98 or Me are not vulnerable.
On the Net:
National Infrastructure Protection Center: http://www.nipc.gov
Microsoft Security Patch: http://www.microsoft.com/technet/security/bulletin/MS01-033.asp
Code Red technical data: http://www.digitalisland.net/coderedalert
© Copyright 2001 The Associated Press