Skip to main content /TECH with /TECH

Code Red not expected to cause major damage

By Marsha Walton
CNN Atlanta Bureau

ATLANTA, Georgia (CNN) -- Computer security firms and U.S. government agencies do not expect any widespread damage when the Code Red worm awakens from its "slumber" mode Sunday night at 8 p.m. EDT.

As it did during its first incarnation in July, the worm is programmed to seek out vulnerable computers during the first 19 days of the month.

The worm used the machines to launch a denial of service attack on the White House's Web site, In such an attack a Web site is flooded with an enormous amount of junk data in an attempt to shut it down.

MORE STORIES Why worms like 'Code Red' are good for you  
Message board: 'Code Red' worm  

No harm came to the White House site in July. Government security experts made fixes that protected the site from any compromise. Unlike a virus, a worm infects other computers without any actions from a human, such as clicking on an e-mail attachment.

The only machines vulnerable to the attack are those running Windows NT and Windows 2000, with Internet Information Web server software. These machines are primarily run by businesses.

Most home personal computers would face no threat from the worm's infection. The threat of Code Red can be removed in minutes by going to the Microsoft Web site, downloading and installing a patch, or fix.

In a statement released Friday, the National Infrastructure Protection Center said "the Internet threat posed by Code Red when it changes from a scanning mode to an active distributed denial of service mode is significantly reduced."

In an unusual move in July, the NIPC joined the FBI in a major media blitz to warn businesses of the worm's capabilities. The NIPC is a federal agency that works to detect, assess and warn of cyber-threats in both the government and private sectors.

After those warnings the NIPC said more than 1 million people downloaded the Microsoft patch to protect their computers. The agency said it believes most infected systems have been purged, and most vulnerable Web servers have been patched.

Although many computer security and anti-virus companies said they remained on alert for the scheduled return of Code Red, most said this new deadline did not pose a significant threat.

Internet Security Systems, an Atlanta-based security firm, said it was monitoring any possible return of the worm, but this weekend the company is in a "normal vigilance" condition.

According to the ISS Web site, "The lesson to take away from the Code Red experience is that an unpatched computer is fair game for hackers 24-7 and should never be connected to the Internet or to a corporate network in that condition."

• FBI's National Infrastructure Protection Center
• Microsoft Security Patch

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


Back to the top