Code Red threat tailing off

Code Red infection rate slowing down

The Code Red computer virus has infected more than 200,000 computers around the world, but the outbreak has not caused the severe disruption many feared.

Security experts monitoring the virus say the rate of infection is falling, but they have detected new variations of the worm.

"We can't say for certain the threat has been eliminated," said Ron Dick, head of the FBI's National Infrastructure Protection Center.

Last time Code Red was active, it infected over 250,000 computers in just nine hours.

This time round, by 1500 GMT on Thursday, the worm had infected 244,727 computers, according to the security think tank SANS.

Minimal impact

The worm scans the internet, identifies vulnerable systems, and infects these systems by installing itself.

We can't predict this kind of stuff, there are too many factors

Bruce Schneier, security expert

Each newly installed worm joins all the others, causing the rate of scanning to grow rapidly.

This uncontrolled growth in scanning can cause data traffic jams and make using the net a frustrating task. But Code Red appears to have had minimal impact on the flow of internet traffic.

"We see no significant performance changes on either high-or low-bandwidth connections, or internationally," said internet performance monitoring firm Keynote Systems.

Despite taking precautions, the Pentagon was forced to shut down public access to many Defense Department websites for a second time.

Slow rate of infection

A spokesman said the Pentagon system was slowed and one civilian agency's server was infected.

"We remain vigilant in monitoring this situation," said the FBI in a joint statement with the White House.

Experts say the worm has 19 days to spread, twice as long as during the last outbreak.

Code Red threat

3.5m websites use Microsoft IIS software

About 35% initially vulnerable

Dropped to 15% due to Code Red warnings

But the rate at which Code Red is expanding is slowing, suggesting that it is struggling to find vulnerable computers. Some security experts warn that it is too early to sound the all-clear.

"We can't predict this kind of stuff, there are too many factors," said Bruce Schneier, of monitoring firm Counterpane Internet Security. "There are too many things we can't model."

Experts say users should still download a software patch from Microsoft to protect their systems from the worm.

Website administrators running Microsoft Windows NT and 2000 operating systems, along with the Internet Information Services (IIS) software, are vulnerable unless the patch is installed.

Code Red only affects versions 4.0 and 5.0 of the IIS software. Windows 95, 98 or Me are not affected, nor are computers running Unix, Linux, or Mac operating systems.

Netcraft, which carries out regular surveys of web server software, estimates that around 3.5 million sites are using Microsoft IIS software. Of these, about 35% were initially vulnerable, a figure that has now dropped to 15% following the publicity about the worm.

Worms are becoming the weapon of choice among virus writers because worms spread on their own rather than requiring computer users to spread them.