'Code Red' infects 80,000 Web sites
About the article
This is a digitised version of an article from The Cayman Compass's print archive. Occasionally, the digitisation process introduces transcription errors, or other problems.
See the article in its original context from August 2001.
Brought to you by
Washington (AP) - The viruslike "Code Red" worm began to take hold Wednesday, on pace to infect 250,000 Web sites and spreading fears of an Internet-wide slowdown. But the infection
rates began to slow at midday, putting that number and its effects - in doubt.
At first, the infection rate seemed to be on par with the worm's first outbreak last month, said Alan Paller, research director at the Sans Institute, a computer security think tank working with the government to monitor the Internet. If it continued at its current rate, "We'll see some substantial effects as we did on (July) 19th."
At midday Wednesday, about 80,000 Web sites were infected, according to Sans. Government officials predicted July's peak of a quarter-million Web sites worldwide could be reached within the day. While the worm is spreading exponentially, the rate is steadily declining each hour, prompting officials to be more optimistic that they got the word out in time. "Based on preliminary
analysis, we expect a level of worm activity comparable to the July 19 Code Red infection, which resulted in infection of over 250,000 systems," according to a joint statement from the FBI, White House and other agencies.
Chad Dougherty, an
Internet security analyst at the government-funded Computer Emergency Response Team, said: "It looks like there's a potential for a very large number of machines to be affected.
"We received a few reports of sites that indicated that they were experiencing some limited denial of service," Dougherty said, referring to a slowdown at those sites. He declined to identify the sites or say whether they were owned by the government or private companies.
Early analysis wondered whether the July slowdowns were due to a Baltimore train crash that damaged some fiber-opticlines, but now officials blame the incident on Code Red. Then, the worm had only a day to spread before it was programmed to go into an attack mode against the White House Web site. But now the worm has much
more time to do damage.
The worm can spread quickly without human intervention, but does not affect most home computers. The malicious program can only be stopped if enough Web site operators install Microsoft's software patch, which plugs the security hole the worm uses to attack. FBI officials continued to implore compu-
'It looks like there's a potential for a very large number of machines to be affected.'
ter users to download the patch. FBI officials said late Tuesday that over a million people had downloaded the patch from Microsoft, although it was impossible to guess how many computers have actually been fixed.
Experts' predictions ranged from the infection of a million or more computers and a massive Internet slowdown to little effect. The government took few chances, pressing to get as many Web site operators as possible to inoculate their systems before the attack.
Code Red is the most infamous computer worm since the first worm, created in 1988, which took down most of the fledgling Internet.
Experts worried that newly discovered versions of the worm can be reprogrammed to launch crippling attacks on any Web site. Web site administrators running Microsoft Windows NT and 2000 operating systems, along with the Internet Information Services software, should download the patch from Microsoft's Web site. Users running Windows 95, 98 or Me are not vulnerable.
Ronald Dick, director of the National Infrastructure Protection Centre, answers questions about the "Code Red" worm at a news conference. Photo:AP
