CODE RED - More public alarms sounded


I don't recall this level of advance broadcasting for any of the viruses.

http://digitalmass.boston.com/news/2001/07/30/codered_warning.html

Government, private officials sound alarm over "Code Red" worm

By D. Ian Hopper, Associated Press, 7/30/2001

WASHINGTON -- Government and corporate officials are urging users of some Microsoft operating systems worldwide to guard against the "Code Red" worm that could cause widespread slowdowns and sporadic outages on the Internet.

"The Internet has become indispensable to our national security and economic well-being," Ron Dick, head of the National Infrastructure Protection Center, an arm of the FBI, said Sunday. "Worms like Code Red pose a distinct threat to the Internet."

Along with posting various warnings on their Web sites, federal officials and representatives of Microsoft Corp. plan to hold a news conference today at 3 p.m. ET to publicize their efforts.

The government routinely works with private companies to issue warnings about new computer viruses and attacks by hackers, but the high-profile warning in this case was unprecedented.

While the actual infection rate is unknown, it is believed to be in the hundreds of thousands of Internet-connected computers. In just the first nine hours of its July 19 outbreak, it infected more than 250,000 systems.

The government-funded Computer Emergency Response Team said the worm is predicted to start spreading again Tuesday at 8 p.m. EDT.

"This spread has the potential to disrupt business and personal use of the Internet for applications such as electronic commerce, e-mail and entertainment," a CERT advisory warns.

Officials are frustrated that even though a software inoculation was made available over a month before the worm's first attack, many computers are still defenseless. The patch, which will protect computers, can be found on Microsoft's Web site.

The worm defaces Web sites with the words "Hacked by Chinese." While it doesn't destroy data, it could be modified to do so. At least two mutations have already been found.

Code Red exploits a flaw discovered in June in Microsoft's Internet Information Services software used on Internet servers. It is found in Windows' NT and 2000 operating systems.

Only computers set to use the English language will have their Web pages defaced and users of Windows 95, Windows 98 or Windows Me are not affected. For the first 20 days of every month, the worm spreads. From the 20th on, it attacks the White House Web site, trying to knock it offline.

The White House took precautions against it, changing its numerical Internet address to dodge the attack.

Even though the target has moved, the infected computers will still launch their attack. This, officials said, could slow down the Internet and cause sporadic but widespread outages.

Last week, the Pentagon was forced to shut down public access to all of its Web sites temporarily to purge and protect them from the Code Red worm.

Because Code Red spread so quickly, security companies have not been able to figure out who wrote and released it.

Code Red also can damage smaller networks by affecting a certain type of Internet routers, made by Cisco Systems, used for data traffic control.

-- Anonymous, July 30, 2001

Answers

Thank goodness I have Windows 98. I've had about five deliveries of the other virus though, the Sir-whatsit.

-- Anonymous, July 30, 2001

Git, I'm a little confused about this worm. It's the web servers, not the end users, that are at risk. But it's not clear to me whether an end user can be infected so that it sends out the worm.

-- Anonymous, July 30, 2001

the sircam virus was stopped before it was allowed into our email cache...SEVERAL TIMES!!! still, there is mail that is "clean" but has attachments, sorry everyone, I am just deleting rather than chancing infection.

-- Anonymous, July 30, 2001

SAR, one option (not for you as the recipient, but for the sender) would be to send an e-mail just ahead of time saying that you are about to send an attachment. Saves the recipient from calling or e-mailing to ask if the message was legit.

-- Anonymous, July 30, 2001

Brooks,

You were wondering if you could be infected with the Code Red worm. It depends on what operating system you are running and what was installed. If by chance you are running Windows 2000 and took the default for the install, you could get infected as the default loads some IIS type software.

This virus isn't one that will harm your files actually. It is designed to attack IIS servers/machines and replicate itself. On a given date(s)/time it will try to attack the whitehouse (and possibly other government servers). Until that time, it generates various IP addresses and tries to get into those systems. If it can't, it keeps trying for a long while, thus causing the DOS style of attacks that were experienced when it first came out. (I've also heard that it can have some nasty effects on CISCO routers, but have not confirmed it with my networking guys.)

If you are running Windows 2000, go to microsoft and get the patch to apply.

Sheeps

-- Anonymous, July 30, 2001



I'm Windows ME at home.

-- Anonymous, July 30, 2001

Brooks,

Not sure about Windows ME, but you may want to check what type of services you are running. If you see IIS, shut it down.

Sheeps

-- Anonymous, July 30, 2001


Looks like with Windows ME I'm all set, regardless of whether IIS is also an issue. (Thought for a moment that listening to Art Bell archives might be an example of where I could be vulnerable.) At any rate, Microsoft's patch site is located at ...

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/security/topics/codealrt.asp

B.

-- Anonymous, July 30, 2001

