Be alert to new Code Red computer virus
If your computer runs on Microsoft Windows NT or 2000, or if you run the Microsoft Internet Information Services Software (the company's Web server software), you'll need to read this column.
Pronto.
A new worm (a type of computer virus) called Code Red, which probably originated in China, began appearing late last month, and caused immediate problems. The worm uses a flaw in the Microsoft software to deface the sites it attacks. About 6 million websites run the Microsoft server software.
Security experts also say it allows the hackers to compile a list of "infected" machines and later take control of them for other purposes. (Users of Windows 95, 98, and ME will not be affected.)
The situation is serious enough that officials from Microsoft and the federal government held a press conference Monday to warn Microsoft users about potential attacks. A side effect of the spreading virus is that it will slow Internet traffic, but security experts differ over how much impact Code Red will have on the speed of the network.
Worms can either be launched by users when they open an e-mail attachment (the much-publicized Anna Kournikova virus worked this way), or they attack a computer through a security flaw, and then use that computer to launch attacks on similar flawed machines. Code Red is the latter variety of worm.
Code Red works by selecting 100 IP addresses (the Internet address of a computer) and scanning computers associated with these machines for the software flaw. Once it
finds a vulnerable machine, it defaces it with the message "Welcome to http://www.worm.com! Hacked by Chinese." The worm only seems to be attacking English-based Microsoft IIS systems.
Microsoft has known about the problem for almost two months, and offered a security patch on June 18. But it seems that few people took the time to download it.
The security flaw is just the latest problem for Microsoft, which has
had a bad summer in terms of its public image.
Security problems with the pre-release of its Windows XP software meant that thousands of people got to download the program for free. Meanwhile, the company has been forced to backtrack on several of the initiatives associated with its XP operating system. And last week, Charles Schumer, the Democratic senator from New York, said that Microsoft should not be allowed to go ahead with its planned Oct. 25 launch of XP.
But the security flaw in NT and 2000 raises a new issue. Computer expert Steve Gibson made headlines recently when he published an article on the Internet that alleged Windows 2000 and XP will greatly enhance the ability of hackers to use machines running the software to launch denial-of-service attacks on the Net. Mr. Gibson is also one of those worried that we are about to see a serious increase in the number of Code Red attacks.
"As you may know, the second variety of the Code Red worm, with the much more random IP generator, is designed to replicate while the day of month is less than 20," he wrote on his website, www.grc.com. "When the day of month is greater or equal to 20 and less than 28, it attacks an IP which used to be the Whitehouse. And it terminates its activities from the 28th through the end of the month."
Gibson writes that he is concerned that once computer internal clocks turn to Aug. 1, Code Red will launch itself again.
If you run Windows NT or 2000, or run your website on Microsoft IIS software, and haven't yet installed the Code Red security patch, you can get a copy from the Microsoft homepage at www.microsoft.com.
Tom Regan is the associate editor of csmonitor.com, the electronic edition of The Christian Science Monitor. You can e-mail him at csmbandwidth@aol.com.
