BBC NEWS Americas Africa Europe Middle East South Asia Asia Pacific Arabic Spanish Russian Chinese Welsh

 You are in: Sci/Tech
Front Page 
UK Politics 
Talking Point 
In Depth 

Commonwealth Games 2002

BBC Sport

BBC Weather

Friday, 20 July, 2001, 09:59 GMT 10:59 UK
White House dodges web virus
White House website WWW
White House website available despite attack
The White House website has beaten a computer virus attack designed to knock it out of action.

The virus, called Code Red, has already infected around 200,000 computer systems around the world, defacing many websites with the message "Hacked By Chinese".

The infected systems were scheduled to bombard the numerical internet address that represents the White House website on Thursday.

But security experts said officials apparently moved the site to a different address, dodging the internet bullet.

"We have taken preventative measures aimed at minimising the impact of any computer virus," said a White House spokesman, without going into details.

'Significant threat'

The Code Red worm works as a denial of service attack, designed to hamper or shut down a computer system by flooding it with huge amounts of data.

President Bush AP
President Bush: Abroad at the time of the virus attack
The FBI's National Infrastructure Protection Center has issued a warning, describing the virus as a significant threat that could "degrade services running on the internet".

Infected systems are likely to see their network performance degraded as a result of the scanning activity of the worm, warned the Computer Emergency Response Team (Cert).

Experts said the Code Red worm could slow overall internet traffic by flooding the web with message traffic from infected computers, putting the estimated number of infected systems at about 200,000.

Server security hole

Worms are programs that have the ability to spread across the web and execute instructions.

The Code Red worm exploits a vulnerability in Microsoft Internet Information Server 4.0 and 5.0 and affects computers running Windows NT 4.0 and Windows 2000.

The flaw was first identified in June and Microsoft released a patch that would prevent a computer from being infected with the worm

But it appears many administrators have not plugged the security hole. Even Microsoft failed to completely protect its network, admitting that a small number of servers were infected.

The worm seems to deface only English-language servers. It selects 100 IP addresses, scanning the computers associated with them for the security hole and spreading it to vulnerable machines.

Second worm

The worm then defaces websites hosted by the servers with the text: "Welcome to! Hacked by the Chinese!"

The origin of the virus is not clear. A second worm was discovered this week, called W32.Sircam.

It sends copies of itself to all email addresses in an infected computer's address book and can delete files and directories, fill up the hard disk and send files out to the internet.

Both English and Spanish-language versions have been found in more than 50 corporate networks worldwide, said Network Associates.

See also:

09 Feb 00 | Sci/Tech
Yahoo attack exposes web weakness
24 May 01 | Sci/Tech
Web warning centre in net attack
01 May 01 | Sci/Tech
US and Chinese hackers trade blows
09 Feb 00 | Sci/Tech
Yahoo brought to standstill
11 Feb 00 | UK
A - Z: Hack attack
27 Oct 00 | Sci/Tech
Hacking: A history
22 May 01 | Sci/Tech
Cheese beats crackers
10 May 01 | Sci/Tech
Porn virus fizzles out
Internet links:

The BBC is not responsible for the content of external internet sites

Links to more Sci/Tech stories are at the foot of the page.

E-mail this story to a friend

Links to more Sci/Tech stories