BBC NEWS Americas Africa Europe Middle East South Asia Asia Pacific
BBCi NEWS   SPORT   WEATHER   WORLD SERVICE   A-Z INDEX     

BBC News World Edition
 You are in: Science/Nature  
News Front Page
Africa
Americas
Asia-Pacific
Europe
Middle East
South Asia
UK
Business
Entertainment
Science/Nature
Technology
Health
-------------
Talking Point
-------------
Country Profiles
In Depth
-------------
Programmes
-------------
BBC Sport
BBC Weather
SERVICES
-------------
EDITIONS
Friday, 19 July, 2002, 14:52 GMT 15:52 UK
The year of the web worm
Cooperative Association for Internet Data Analysis
The spread of Code Red around the internet
This time last year the computer virus called Code Red was supposed to bring the internet to a screeching halt.

With the benefit of hindsight we now know that the net was never in danger of being crippled by the virus, but at the time the danger seemed very real.

The FBI's National Infrastructure Protection Centre took the almost unprecedented step of announcing that Code Red posed a serious danger and could "degrade services running on the internet".

One security expert even predicted that the program could cause a net "meltdown".

Swift spread

The fear of a global net slowdown was stoked by the methods the Code Red virus, more properly called a worm, used to spread itself.

The malicious program exploited vulnerabilities in the Internet Information Server software bundled in with Microsoft's Windows NT 4.0 and Windows 2000 operating systems.

Once installed on a vulnerable server, the virus started looking for new machines to infect by randomly generating internet addresses and then probing them to find out if they were home to a vulnerable machine.

National Infrastructure Protection Center seal, NIPC
Code Red was a "serious danger" warned the NIPC
As more machines were infected and started scanning for other machines to infect, it was feared that the net traffic they were generating would choke data pipes.

Certainly Code Red spread very quickly. At the peak of infection 2,000 machines were being infected every minute. In total over 359,000 machines are believed to have been infected by Code Red and its variants.

Despite this rapid growth and massive disruption on many small networks connected to the internet, the predicted wide scale slowdown never happened.

Destructive virus

After Code Red had peaked, web monitoring company Keynote Systems released a statement showing that the slowdown in net traffic associated with the early rise of the worm was actually due to a fire in a train tunnel in Baltimore.

Andy Warhol portrait, PA
Warhol worm named after influential artist
The fire severed key net cables that many of America's large net service providers use to swap data. With the cables gone the companies used alternative routes to send data and briefly bumped up traffic levels elsewhere.

"The 19 July internet slowdown was not due to the worm," Keynote said in its statement.

At the time Code Red was making itself felt there were more than 3.5 million servers running Microsoft IIS software according to figures by Netcraft.

The company said about 35% of these servers were vulnerable when Code Red was first unleashed, but this dropped to 15% as publicity spread.

Even now there are some machines still infected with the worm.

Worryingly the Code Red outbreak, and those of copycat worms, does not seem to have made the net more secure.

In its survey released in June 2002 Netcraft warned that the net was more vulnerable than ever because new loopholes had been found in Microsoft's IIS and the widely-used Apache server software.

Worms exploiting the Apache loophole are already starting to appear.

Computer scientists have even started talking about a theoretical Warhol worm that can propagate across the net in 15 minutes and cause inconvenience to millions.

The virus was named after the pop artist because of his prediction that: "In the future everyone will be famous for 15 minutes".

See also:

20 Jul 01 | Science/Nature
02 Aug 01 | Science/Nature
31 Jul 01 | Science/Nature
02 Aug 01 | Science/Nature
01 Aug 01 | Business
02 Aug 01 | Science/Nature
06 Aug 01 | Science/Nature
Links to more Science/Nature stories are at the foot of the page.


E-mail this story to a friend

Links to more Science/Nature stories

© BBC ^^ Back to top

News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East |
South Asia | UK | Business | Entertainment | Science/Nature |
Technology | Health | Talking Point | Country Profiles | In Depth |
Programmes