‘Code Red’ Alert May Have Averted Disaster
The malicious software program known as “Code Red” continued to spread but, contrary to security experts’ fears, by Wednesday evening had not caused a noticeable Internet slowdown and may already have peaked.
The Code Red “worm,” as computer security professionals call it, does not infect typical personal computers. Instead, it attacks only server computers that operate Web sites using Microsoft software. Code Red causes those computers to randomly seek and infect other vulnerable systems.
Each infected machine can spread the worm to many others, so experts initially predicted an unprecedented pandemic. The worm doesn’t damage computers or their software. But if enough Web servers are hit, the resulting surge in online traffic might test the Internet’s carrying capacity, steeply degrading service, they said.
Estimates based on surveys and Internet monitoring variously pegged the total number of infected Web servers from tens of thousands to more than 150,000. The FBI projected that about 250,000 machines would be infected by the end of the day Wednesday.
But some security experts voiced cautious optimism that the worm may be stopped before it does serious damage.
“The Internet is not melting,” said Brian Dunphy, a network monitoring expert with Riptech Inc., a security firm. He concurred with reports by the nonprofit security company SANS Institute suggesting that the rate of increase in infected computers fell off sharply by Wednesday evening.
If the trend holds, Dunphy said, Code Red could reach saturation--the point at which most vulnerable servers have already been infected--much sooner than expected.
Keith Nahigian, a spokesman for the Federal Critical Infrastructure Assurance Office, credited public-awareness efforts and media coverage for stimulating Web managers to upgrade the software on their vulnerable computers.
“This may have cut off the worm’s food supply,” he said.
Several million of the more than 30 million Web server computers worldwide use the Microsoft software product, called IIS, that Code Red targets. It is unknown how many of those machines may still be vulnerable, but more than 1 million security “patches” have been obtained from Microsoft, Nahigian said.
Experts cautioned that Code Red is programmed to search for new targets until Aug. 20, so its spread could still increase in coming days.
