SHT - 'Code Red' will reinfect networks next Wednesday


Computer virus will reinfect networks

By PAMELA HESS

WASHINGTON, July 27 (UPI) -- Computer security experts on Friday warned that the "Code Red" virus that forced the Pentagon to block public access to its Web sites will reawaken next Wednesday and begin attacking tens of thousands of computers.

The Computer Emergency Response Team at Carnegie Mellon University said the virus spreads rapidly. It infected more than 250,000 computers in nine hours on July 19.

"Because the worm propagates very quickly, it is likely that nearly all vulnerable systems will be compromised by Aug. 2, 2001," the CERT said.

The virus is programmed to replicate itself for 19 days, in some cases defacing hosts' Web sites, and then to flood a single Web server -- the White House's -- with messages, clogging all its lines.

The White House changed its Internet protocol address last week to foil the bug, but Carnegie Mellon warns the real problem is posed during the infection stage. The virus, or worm, automatically scans computers over Internet lines for a particular software vulnerability that would allow it to take up residence. That scanning threatens to overwhelm Internet lines.

The CERT also warned that in some cases, Code Red can assume control of computers by overriding security features on local networks.

"This level of privilege effectively gives an attacker complete control of the infected system," the CERT stated Friday in a warning advisory.

The Pentagon shut down nearly all of its public Web sites on July 20 for five days while network administrators worked to patch the software vulnerability that allowed Code Red into a number of military computers. The worm hit U.S. European Command particularly hard, according to military sources.

The CERT issued a warning on June 19 about the software vulnerability resident in some Microsoft systems. A day later the military issued an alert to patch the problem, giving administrators 30 days to do so, a defense official told United Press International. However, the Code Red virus had completed its attack the day before that deadline was met.

The military has nearly 10,000 networks and 2.5 million computers. Last year around 1,000 computer security advisories were issued; the military issued about 10 "alerts" with 30-day repair deadlines off that list.

"It's a case of risk assessment. With so many computers we can't respond to every advisory," the official told UPI.

-- Anonymous, July 27, 2001

Answers

It appears that some of the little hackers have made different versions of this nasty worm as well. Hopefully the anti-virus software will catch them as well as the original.

We had a notification from our 'security' guy today about this as well. If you experience any slowness around then, it'd be a good bet that the Code Red worm is the cause. Besides infecting the NT and Windows 2000 machines, it does nasty DOS attacks on machines which are not NT or 2000.

-- Anonymous, July 27, 2001


Funny thing is, right after I posted this I got a suspicious e-mail with attachment, you know, "I am sending you this for your opinion," or whatever. Nuked it, of course.

-- Anonymous, July 27, 2001

Git, that virus is SirCam.

Code Red, IMO, was especially effective last week because it was concurrent with the fiber optic damage from the Baltimore train derailment. VERY bizarre happenings around here Friday. My town, and now I find out the next town over, had serious problems with their electrical service in a way that makes me think some feedback loop to the grid was messed up. I hope it doesn't mean that our grid really is vulnerable.

-- Anonymous, July 27, 2001


That would be shocking news indeed, Brooks!

-- Anonymous, July 28, 2001
