Skip to main content /TECH with /TECH

'Code Red' worm 'minimized' -- for now

WASHINGTON (CNN) -- Although its threat appears to be abating, the "Code Red" computer worm still has a few twists left and could target vulnerable systems around the world during the next few days, experts said Thursday.

"The large number of machines that are now patched have changed the playing field, but we still anticipate increasingly rapid growth worldwide in the coming days," states the Web site for Internet Security Systems (ISS). "We anticipate remaining at [high alert] through early August, but will watch the situation closely and adjust the threat level accordingly."

Government and computer security officials say they are hopeful that the resilient computer worm has been minimized.

But while officials claimed mild success, the Code Red worm kept inching along, infecting more than 250,000 computers through 6 p.m. EDT Thursday -- a slower rate than the first attack in mid-July, according to the technical staff at the CERT Coordination Center.

Critics want software makers, like Microsoft, to protect consumers from computer bugs. CNN's David George reports (August 1)

Play video
(QuickTime, Real or Windows Media)

Despite minimal reported damage, officials warn that danger from the computer virus is far from over. CNN's James Hattori reports (July 31)

Play video
(QuickTime, Real or Windows Media)
MORE STORIES Why worms like 'Code Red' are good for you  

In-Focus: 'Code Red': Will the patch work?  

'Code Red' latest in series of nasty Net bugs  
On the Scene: Daniel Sieberg: 'Code Red' worm inches along  

Message board: 'Code Red' worm  

"We are cautiously optimistic that the impact of the infection stage of this particular variant of the Code Red worm ... has been minimized," said Ron Dick, the director of the National Infrastructure Protection Center, part of a federal task force monitoring the worm.

But Dick cautioned that the threat has not entirely passed. By late in the day, new variants of the worm were showing up, and security experts said they need until at least Thursday to measure its impact.

Dick lauded efforts by the government and industry to get the word out about the potential harm of the worm.

Rate slowing down?

While the worm spread rapidly, he said the rate of infection leveled off by nightfall.

"At this point, it is still too soon to say for certain whether this slowdown will continue," he said.

Dick said more than 300,000 computers could have been infected if users had not taken the appropriate steps to ward off the worm, which he said would have shut down servers entirely and degraded the overall performance of the Internet.

The worm did force the Pentagon to re-route traffic on some of its public Web sites and infected a server at an unnamed Cabinet department.

The worm has infected about 200,000 machines since 8 p.m. EDT Tuesday night, estimated experts at SANS Institute for computer security.

Officials earlier predicted "a level of worm activity comparable to the July 19 Code Red infection which resulted in the infection of over 250,000 systems."

The worm might need as long as a week to muster enough momentum to really rattle the Internet, anti-virus experts said. But that may never happen.

"It is still not too late for users who are susceptible to the worm to download the free Microsoft software patches. Applying the patch will protect users from infection," the National Infrastructure Protection Center said in a statement.

Targets businesses, government

A computer worm is a program that propagates itself by copying itself onto other machines. The Code Red worm affects only computers running Microsoft's Internet Information Services (IIS) software on Windows NT or Windows 2000 operating systems.

That software and those operating systems are primarily used by businesses, so few home Internet users are likely to be infected by the worm. However, their access to the Internet could be affected by the worm because its heavy use of the Internet could slow down all other traffic.

Business systems infected by the worm may see increased degradation of performance and some system instability because of it, computer experts say. In addition, they say the worm has some destructive capabilities, meaning it can destroy or delete some files, and it can result in altered or garbled Web pages.

When the Code Red worm made its debut last month, it swept through 250,000 computers in nine hours, forced the White House to take evasive action and the Pentagon to take its public Web sites off-line temporarily. Code Red unleashed itself again Tuesday night.

Allan Paller, director of SANS Institute, said it took seven days to fully gauge the worm's spread the first time it appeared.

"This time it's bound to take less. We just don't know how much less," he said.

Microsoft reported that more than a million people have tried to avoid the Code Red worm by downloading and applying the free patch available from the Microsoft Web site.

CNN's Richard Stenger, Kevin Bohn, Kelli Arena and Daniel Sieberg contributed to this report

• Riptech
• Microsoft Security Patch
• Code Red technical data
• National Infrastructure Protection Center
• Spread of the Code Red worm, July 19-20 (UC San Diego)

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


Back to the top