http://www.cnn.com/2001/TECH/internet/07/30/code.red/index.html

By Richard Stenger
CNN.com Sci-Tech Writer

A computer worm that proliferates on Microsoft operating systems and causes widespread Internet slowdowns could unleash a second and more virulent epidemic on Tuesday, government and corporate anti-virus experts warned.

The "Code Red" bug infiltrated hundreds of thousands of computers within hours of its first identified outbreak on July 19. The attack forced the White House to take evasive action and the Pentagon to halt briefly public access to its Web sites.

The worm is designed to spread the first 20 days of each month. On the 20th, it begins targeting the White House Web site in an attempt to knock it off the Internet.

Computers harboring the virus are expected to start another round of mass infections of other machines Tuesday at 8 p.m. EDT.

"The mass traffic associated with the worm propagation could degrade the overall functioning of the Internet and impact ordinary users," Ron Dick, the director of the National Infrastructure Protection Center, told reporters Monday.

Digital secrets at risk?

The first wave of the worm did not destroy computer files. But computer security experts fear the new version could prove more dangerous.

"An attacker could exploit the vulnerability to gain control over a Web server, or alter or steal critical corporate and private data," Dick said.

A worm can propagate itself without user assistance, unlike a more conventional computer virus.

The epidemic could affect business and personal use of the Internet, disrupting electronic commerce and e-mail, warned the Computer Emergency Response Team (CERT), a federally funded Internet security research center at Carnegie Mellon University.

Hacker message a mystery

In the latter part of July, when the worm reared its ugly head, it defaced Web sites with the phrase "Hacked by Chinese." But it had spread so quickly that computer virus experts remain puzzled about its origin.

"It's really unclear. There's a good chance we will never know where it came from," said Marc Maiffret, an officer of eEye Digital Security, which in June discovered the security flaw that the worm would later exploit.

Despite warnings from Microsoft, eEye and computer security authorities, who made an inoculation patch available on the Internet, many computers were susceptible during the first Code Red attack.

The rogue application takes advantage of a defect in Microsoft's Internet Information Services software. It affects only computers with the IIS Web server software and Windows NT or 2000 operating systems.

Windows 95, Windows 98 and Windows Me are immune. Therefore, most home PCs cannot be infected.

The worm scans the Internet, locates vulnerable systems and infects these systems by installing itself. Each newly installed worm joins the others, causing the rate of scanning to rise exponentially.

Pentagon mounts a defense

The uncontrolled growth in scanning slows the speed of the Internet and can cause sporadic but widespread outages, according to CERT.

Last week, the Pentagon cut off public access to its Internet sites to remove the bug and protect against future outbreaks. The White House avoided a direct onslaught by changing its numerical Internet address.

A similar attack is expected later in August. And while the White House site has moved out of harm's way, the offensive could again disrupt Internet traffic, authorities warn.

The worm can also affect smaller networks using certain Cisco Systems-made Internet routers for data traffic flow, and a handful of Hewlett-Packard network printers, Maiffret said.

------------------
mgh 1924 - 2001 http://www.al-gore-2004.org/