BBC NEWS Americas Africa Europe Middle East South Asia Asia Pacific Arabic Spanish Russian Chinese Welsh

 You are in: Sci/Tech
Front Page 
UK Politics 
Talking Point 
In Depth 

Commonwealth Games 2002

BBC Sport

BBC Weather

Thursday, 2 August, 2001, 07:10 GMT 08:10 UK
Code Red threat tailing off
Code red graphic BBC
Code Red infection rate slowing down
The Code Red computer virus has infected more than 200,000 computers around the world, but the outbreak has not caused the severe disruption many feared.

Security experts monitoring the virus say the rate of infection is falling, but they have detected new variations of the worm.

"We can't say for certain the threat has been eliminated," said Ron Dick, head of the FBI's National Infrastructure Protection Center.

Last time Code Red was active, it infected over 250,000 computers in just nine hours.

This time round, by 1500 GMT on Thursday, the worm had infected 244,727 computers, according to the security think tank SANS.

Minimal impact

The worm scans the internet, identifies vulnerable systems, and infects these systems by installing itself.

We can't predict this kind of stuff, there are too many factors

Bruce Schneier, security expert
Each newly installed worm joins all the others, causing the rate of scanning to grow rapidly.

This uncontrolled growth in scanning can cause data traffic jams and make using the net a frustrating task. But Code Red appears to have had minimal impact on the flow of internet traffic.

"We see no significant performance changes on either high-or low-bandwidth connections, or internationally," said internet performance monitoring firm Keynote Systems.

Despite taking precautions, the Pentagon was forced to shut down public access to many Defense Department websites for a second time.

Slow rate of infection

A spokesman said the Pentagon system was slowed and one civilian agency's server was infected.

"We remain vigilant in monitoring this situation," said the FBI in a joint statement with the White House.

Experts say the worm has 19 days to spread, twice as long as during the last outbreak.

Code Red threat
3.5m websites use Microsoft IIS software
About 35% initially vulnerable
Dropped to 15% due to Code Red warnings
But the rate at which Code Red is expanding is slowing, suggesting that it is struggling to find vulnerable computers. Some security experts warn that it is too early to sound the all-clear.

"We can't predict this kind of stuff, there are too many factors," said Bruce Schneier, of monitoring firm Counterpane Internet Security. "There are too many things we can't model."

Experts say users should still download a software patch from Microsoft to protect their systems from the worm.

Website administrators running Microsoft Windows NT and 2000 operating systems, along with the Internet Information Services (IIS) software, are vulnerable unless the patch is installed.

Code Red only affects versions 4.0 and 5.0 of the IIS software. Windows 95, 98 or Me are not affected, nor are computers running Unix, Linux, or Mac operating systems.

Netcraft, which carries out regular surveys of web server software, estimates that around 3.5 million sites are using Microsoft IIS software. Of these, about 35% were initially vulnerable, a figure that has now dropped to 15% following the publicity about the worm.

Worms are becoming the weapon of choice among virus writers because worms spread on their own rather than requiring computer users to spread them.

The BBC's Kevin Anderson
"There is a lot of speculation that it comes from China"
See also:

01 Aug 01 | Sci/Tech
Code Red keeps world guessing
02 Aug 01 | Sci/Tech
Code Red infections spread
31 Jul 01 | Sci/Tech
Internet put on Code Red alert
13 Jun 01 | Sci/Tech
Virus exploits voyeurs
01 Aug 01 | Talking Point
Can the hackers be stopped?
Links to more Sci/Tech stories are at the foot of the page.

E-mail this story to a friend

Links to more Sci/Tech stories