- The Washington Times - Thursday, August 2, 2001

The Code Red worm infected almost 137,000 computers as of 5 p.m. yesterday as it took root and prepared for a second outbreak later this month.

The worm lacked the force of its initial July outbreak and it failed to choke the Internet, although law enforcement officials continued last night to quantify Code Red's progress. The FBI's National Infrastructure Protection Center and other groups said the cyber-attack has the potential to cause as much damage as it did during its July 19 attack.

"These reports indicate that the number of compromised systems is increasing exponentially and there is a potential for a large number of machines to be affected," said Chad Dougherty, Internet security analyst at Carnegie Mellon University's Computer Emergency Response Team in Pittsburgh.

The Pentagon yesterday shut down public access to many Defense Department Web sites. It did the same last week to protect itself from the worm.

Code Red began to spread Tuesday at 8 p.m. EDT, or midnight Aug. 1 Greenwich Mean Time.

Standard worms copy themselves to a computer through a security hole. Once on a computer, they scan the Internet for other computers with security holes and travel to vulnerable machines.

Code Red affects only Microsoft servers running Windows 2000 or NT software with Internet Information Server 4.0 or 5.0, but the potential for more computers connected to the Internet to become infected remains high.

That is because the worm is expected to continue its search for vulnerable systems until Aug. 19 and because an estimated 2.2 million systems still don't have a patch to stop Code Red.

"We are concerned about the total number of unpatched servers," said Tari Schreider, vice president of Global Operations at Internet Security Systems Inc., an Atlanta company that joined the FBI's National Infrastructure Protection Center in following Code Red.

"This is going to be a slow building up to a crescendo," Mr. Schreider said.

Computer-security officials expect Code Red to multiply itself through Aug. 19, when it will order a denial-of-service attack on a predetermined target. The attack floods systems with requests for information until they crash.

The White House avoided attack from Code Red last month by changing the Internet protocol address of its Web site.

The number of computers infected by Code Red increased rapidly yesterday morning. The number of scans by worms seeking vulnerable computers increased from 13,487 at 10 a.m. to 32,502 at noon an increase of more than 19,000 in two hours. But from 3 p.m. to 5 p.m., only 1,644 more computers were scanned.

"The rate of new machines infected is tailing off," Mr. Dougherty said late yesterday.

Code Red did not cripple the Internet yesterday, as some had feared.

"So far ,we are not seeing any significant degradation of Internet performance. We are seeing some slowdown, but we haven't seen anything significant," said Della Lowe, spokesman at Keynote Systems Inc., a San Mateo, Calif., company that measures the speed of Web sites.

On July 19, the worm infected an estimated 360,000 systems before going into hibernation. Code Red is programmed to strike the first day of each month and go dormant on the 20th.

Code Red's limited progress yesterday could reflect the number of patches companies downloaded to protect vulnerable systems. Digital Island Inc., a San Francisco Web-hosting company, says 700,000 copies of a Microsoft Corp. patch were downloaded from Sunday through Tuesday.

The labor needed to patch computer systems has cost companies $1.2 billion, according to Carlsbad, Calif., research firm Computer Economics. Because the worm blocks access to Web sites, the financial loss to e-commerce companies is likely to increase because of it.

The "love-bug" virus that struck last year cost companies about $8.7 billion, according to Computer Economics.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide