CODE RED II Worm Spreads Nationwide

Thursday, August 9th 2001, 12:00 am
By: News On 6

WASHINGTON (AP) - After the original Code Red worm infected about 250,000 computers at its peak last week, its more malicious cousin caused sporadic Internet outages nationwide, including the disruption of some Associated Press services on Wednesday.

The Code Red II worm caused AP's outage and knocked out Internet access for AP employees most of the day. It did not affect transmission of AP's main news and photo services.

The antivirus company Symantec Corp. estimated that at least 1,000 servers had been infected, but few other firms would venture a guess. Code Red II also leaves a "backdoor" open that a hacker can use to take over the infected computer.

A worm is different from a virus because it can spread on its own, whereas a virus needs human intervention to infect other computers. Code Red II spreads much more quickly than the original Code Red.

Telecommunications company Qwest reported spotty outages for users of its high-speed Internet service nationwide. Home cable modem systems in Virginia and New York have also had slow or no service this week due to the worm.

Qwest spokesman Chris Hardman said its users running Cisco Systems' high-speed modems were affected. Some popular Cisco hardware is vulnerable to the Code Red worms, according to a Cisco advisory posted on that company's Web site.

Microsoft, whose software has the vulnerability that lets the Code Red worms attack, has itself been a victim. The company confirmed Wednesday that some computers running Hotmail, the software giant's free e-mail service, were infected by one of the worms.

The worm delayed updates of The WIRE, the AP's news Web site. It also affected a photo service used by smaller newspapers and several specialized sites, including sites for graphics and census information. The disruptions began at about 4 a.m. EDT. Most services were restored by early afternoon.

John Reid, AP's director of communications and technology, said all the infected computers had been "scrubbed" and were being checked to make certain they were secure.

Both versions of the Code Red worm attack only computers running Microsoft Windows NT or 2000 operating systems, with Internet Information Services installed. Microsoft offers a software patch to protect computers from infection.