Agencies warned of next ‘Code Red’ attack on computers
Federal officials on Monday urged agencies to prepare for the second wave of the malicious computer worm known as "Code Red." The worm will begin striking again Tuesday at 8 p.m. Eastern Time, officials said. The Defense Department began restricting public traffic to its Web sites two weeks ago in an effort to limit its exposure to the worm. Public access was restored last Tuesday. The worm scans the Internet for servers running Microsoft Corp.'s Internet Information Services software, commonly known as IIS, versions 4.0 and 5.0. Computers with Windows NT 4.0 and Windows 2000 servers usually have IIS installed. Once the worm finds the software it looks for a well-publicized vulnerability. The worm loads itself onto the server if the vulnerability exists. "If users act now, we could mitigate the potential damage caused by this worm," said Ronald Dick, director of the FBI's National Infrastructure Protection Center (NIPC), at a press conference on the worm Monday. The first version of the worm defaced Web sites operating on infected machines, but the worm's subsequent mutations are a greater threat. In its most dangerous form, the worm infects servers quietly and waits for instruction. Infected computers are used as part of a distributed denial of service attack. In such attacks, hackers crash Web servers by flooding them with false information sent by hundreds, if not thousands, of infected computers. The Code Red worm is particularly dangerous. On July 19, the worm infected 250,000 computers in nine hours. Security experts estimate it is possible for the next wave of the worm to infect double that number every day. Worms are especially hazardous because they propagate without human intervention. Computer viruses, on the other hand, depend on people opening files such as e-mail attachments to do their damage. NIPC is concerned that the performance of the Internet could be diminished due to slowdowns created by Code Red. Because more agencies and companies depend on the Internet than ever before to conduct business, NIPC is labeling Code Red as a threat to the nation's national and economic security. Dick said all Americans should be concerned because on Aug. 19, the infected computers are programmed to attack a number of predetermined targets that have not yet been named.