Skip to main content /COMMUNITY /US

On The Scene

Daniel Sieberg: 'Code Red' II worm attack

Daniel Sieberg is the Science and Technology editor for He is a recipient of the Rafe Mair Award for Excellence in Journalism, and a former reporter for The Vancouver Sun. He joined the chat room from Atlanta, GA.

CNN: Thank you for joining us today, Daniel Sieberg, and welcome.

DANIEL SIEBERG: Thanks for having me. Hi everyone!

CNN: How does Code Red II compare to Code Red I?

SIEBERG: Code Red II is a whole new worm. It still exploits the same vulnerability in the Microsoft IIS software, except that this time it leaves behind a "back door" that allows a hacker or anyone else to access the computer. That computer could be storing sensitive information, such as credit card numbers or passwords. They could also deface the Web site.

Critics want software makers, like Microsoft, to protect consumers from computer bugs. CNN's David George reports (August 1)

Play video
(QuickTime, Real or Windows Media)

Despite minimal reported damage, officials warn that danger from the computer virus is far from over. CNN's James Hattori reports (July 31)

Play video
(QuickTime, Real or Windows Media)
In-Focus: 'Code Red': Will the patch work?  

'Code Red' latest in series of nasty Net bugs  
On the Scene: Sieberg: 'Braced for worst, hoping for best'  

Message board: 'Code Red' worm  

CHAT PARTICIPANT: Do we need a new patch for Code Red II if we installed the patch for Code Red I?

SIEBERG: Security experts believe the old patch should still work in this case since it exploits the same hole.

CHAT PARTICIPANT: From earlier reports, Code Red is easy to modify to do more damage. Can we expect much more destruction next time?

SIEBERG: It's hard to say. There is potential for more damage as hackers learn more about the vulnerability or about how to exploit it. The key is for companies and individuals to be vigilant with their anti-virus software and update it regularly.

CHAT PARTICIPANT: Daniel how difficult is it to re-route your connection so that you can bypass the Cisco routers that are over loaded?

SIEBERG: That's a good question. There are reports that some Cisco routers are affected by both worms, but re-routing connections isn't a simple task. It's tough to detail a technical procedure like that in this case, so I would recommend you speak with a security professional for firsthand information.

CHAT PARTICIPANT: Has Microsoft announced any steps to prevent these kind of viruses in the future?

SIEBERG: Well, Microsoft recommends that any company using its software stay current with the required patches. There's not much Microsoft can do to stop hackers from attempting to find other holes in their software, should they exist.

CHAT PARTICIPANT: Good afternoon, Daniel :) Have a problem here... my system is under almost constant intruder attack, and has been for the past two days. Is this from the new Code Red?

SIEBERG: If your system is running Windows 95, 98 or Me, you don't need to be concerned about Code Red. It's only capable of exploiting the hole in IIS, which is used with Windows 2000 and NT machines. But other viruses and worms also scan for different vulnerable machines. As far as telling who or what it is, it's very difficult for the average person to determine the exact source. Keeping your fire wall current should at least give you some small peace of mind.

CHAT PARTICIPANT: Why is Code Red getting more attention than Sircam, which e-mails your private documents to strangers?

SIEBERG: We've covered both computer bugs at, and you're right, Sircam is a nasty virus too. It's been around for several weeks and continues to frustrate anti-virus experts. Code Red got so much attention in part because of the federal agencies that participated in combating it, and because it had the potential to cause such widespread problems. It was also unique in that security experts knew when Code Red was scheduled to begin propagating.

CHAT PARTICIPANT: Is the origin of either variation of Code Red known for sure yet?

SIEBERG: No. There are few clues associated with either worm. What security experts do know is that it was written by a sophisticated programmer, not a so-called "script kiddie." It may take some time before investigators can trace the path of either Code Red.

CHAT PARTICIPANT: Signers create new code by 'breeding' it. What is the possibility of a virus existing that mutates on its own?

SIEBERG: That type of virus already exists in some cases. And there is no limit to how programmers or hackers can manipulate code. Just as anti-virus companies continue to update their software, hackers are changing the way they attack a particular system or vulnerability. It's going to be a never-ending battle between the two factions.

CHAT PARTICIPANT: How high is the potential for stolen information from major online companies?

SIEBERG: With Code Red II, it really depends on whether they installed the patch and installed it correctly. Most major companies have likely taken the correct steps, but if a firm hasn't, a hacker could obtain information stored on that computer quite easily.

CHAT PARTICIPANT: Is there still a security concern for the old version of code red or is that done spreading?

SIEBERG: The old version of Code Red has begun to slow down -- in this cycle. It's also expected to rear its head again later this month, and at the beginning of next month if the patches aren't all installed. I don't think it's fair to say that everyone is out of the woods just yet.

CHAT PARTICIPANT: Is there an estimate of how many servers have not been protected against Code Red?

SIEBERG: That's tough to say. They can estimate how many servers or machines were hit, and they can measure how many patches were downloaded from Microsoft's site. But finding out if someone has the potential for attack is very inexact.

CHAT PARTICIPANT: Is there any legitimate reason for the hackers to put the red worm into our computer systems? Do they have a rationale or do they admit it is adolescent defiance?

SIEBERG: Since the people responsible for Code Red have not been revealed, it's hard to imagine what they're thinking. But there doesn't appear to be any rationale behind them. Hackers may be interested in illustrating the weakness of a product or the Internet, or they may want to just wreak as much havoc as possible. The motivations really do vary.

CHAT PARTICIPANT: Do you predict that Code Red will be altered in the future, thus creating more variations of Code Red?

SIEBERG: It's definitely possible, but no one can predict that with any certainty. The best approach is to be prepared for the worst, but hope for the best.

CHAT PARTICIPANT: Who first reported the Code Red worm?

SIEBERG: There is a security company called eEye that is credited with being one of the first firms to analyze and report on it. Since that time, numerous agencies have contributed to a closer assessment. In fact, the name of the worm comes from the soft drink -- Code Red -- that the eEye programmers were drinking at the time to stay awake.

CNN: Do you have any final thoughts to share with us?

SIEBERG: Code Red II still poses a problem for network administrators, so this story isn't over yet. Again, it illustrates how connected we all are through the Internet.

CNN: Thank you for joining us today.

SIEBERG: Thanks for having me. Great questions as always!

Daniel Sieberg joined the chat room from the Chat Studio at CNN Center in Atlanta, GA, and typed for himself. This is an edited transcript of the interview, which took place on Tuesday, August 7, 2001.

• Riptech
• Microsoft Security Patch
• Code Red technical data
• National Infrastructure Protection Center
• Spread of the Code Red worm, (UC San Diego)
• eEye Digital Security

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


Back to the top