'CODE RED' takes hold on about 115,000 computers; Internet continues unharmed

Wednesday, August 1st 2001, 12:00 am
By: News On 6

WASHINGTON (AP) _ The viruslike ``Code Red'' worm infected computers around the world Wednesday, although the outbreak wasn't as severe as predicted.

``We're still watchful, but for the first time, we're hopeful as well,'' said Alan Paller, research director at the SANS Institute, a computer security think tank working with the government to monitor the Internet.

About 115,000 Internet-connected computers running Microsoft's NT or Windows 2000 operating system were infected by Code Red Wednesday afternoon, according to SANS data. Although the rate of infection doubled each hour early on, the rate of increase gradually abated.

The Pentagon had to shut down public access to many Defense Department Web sites again. Even though they shut down most military sites last week, the job apparently was not complete.

Unlike a computer virus, which needs a person to help it spread, a worm infects other computers on its own. It does not affect most home computers.

Officials worried that the outbreak would be as crippling as Code Red's first appearance on July 19, in which over 250,000 systems were infected in its first nine hours. As a result, there were widespread slowdowns and outages across the Internet.

This time, after Code Red launched at 7 p.m. EDT, the worm has had a much lower infection rate.

German, French and British officials reported that Code Red's impact was minimal.

``Fears that the worm would have a potentially devastating effect on the Internet seem to have been unfounded,'' said a statement from Britain's Home Office, the country's top law enforcement institution.

But foreign and American computer experts continued to warn that computer users should still download a software patch from Microsoft to inoculate their systems from the worm.

Web site administrators running Microsoft Windows NT and 2000 operating systems, along with the Internet Information Services software, are vulnerable unless the patch is installed. Users running Windows 95, 98 or Me are not affected.

Experts worried that newly discovered versions of the worm can be reprogrammed to launch crippling attacks on any Web site. They also warn that the danger is far from over.

Code Red is programmed to keep trying to infect computers until the 19th of the month. After that, it goes into attack mode, sending junk data to the White House's Web site.

Even though the White House moved its numerical Internet address last month to dodge the first outbreak, the attack may have the unintended affect of clogging up the Internet causing slowdowns.

This is similar to millions of phone calls to a wrong number not affecting the intended recipient, but the calls themselves still jamming phone lines for everyone else.

FBI officials said over a million people had downloaded the patch from Microsoft, although it was impossible to guess how many computers have actually been fixed.

Experts' predictions ranged from the infection of a million or more computers and a massive Internet slowdown to little effect. The government took few chances, pressing to get as many Web site operators as possible to inoculate their systems before the attack.

Code Red is the most infamous computer worm since the first worm, created in 1988, which took down most of the fledgling Internet.

Owners of infected computers can turn their computers off and on again to clear out the worm, but they still need to install Microsoft's patch to keep from being re-infected.