Code Red worm carries 'meltdown' threat

The White House may have dodged the wrath of the Code Red worm this time, but the impact of this worm and its counterparts has been far-reaching, with more than 5000 attacks made on Australian systems in the past week.

Australia ranked in the top five countries that Code Red attacked, according to statistics generated by the SecurityFocus incidents database.

Russ Cooper, surgeon general of TruSecure Corp and editor of e-mail list NTBugtraq, said Code Red, which has infected around 300,000 systems worldwide, is the worst security event in Internet history.

"We haven't seen a worm that involves this many hosts and is this complex," he said, adding that if systems affected by the worm continue to go unpatched, "the impact, we predict, is a meltdown".

Telstra, which is presently battling concerns over a Trojan that entered its system and retrieved the login details of 69 of its customers, also felt the pinch of the Code Red worm, according to Stuart Gray, corporate affairs manager, Telstra retail.

Gray said that Telstra was informed by Microsoft of the Code Red worm when it first came to light, allowing the company to modify most of its servers so that they weren't vulnerable.

However, Telstra's Web hosting customers weren't so lucky, with around a dozen users experiencing outages for around two to three hours.

According to Gray, Telstra had advised those customers to acquire the Code Red fix; however, the group affected did not heed the advice, he said.

Glenn Miller, managing director of security provider, Janteknology, cites similar stories about a number of local companies who have been hit by the worm, resulting in their sites going down for several days.

"One company was hacked, its Web site defaced and it was down for five days," he said.

"As the company had an active e-commerce operation, it literally lost an operational business facility for five days and the cost of repairing that was probably up in the order of $10,000," Miller said, adding that the addition of lost business to the equation could well have blown the figure out to hundreds of thousands.

The thing that surprises Miller, both in regards to the Code Red worm and its viral siblings, is the general apathy that many people express in regards to defending themselves against such attacks. Miller said one company took the initiative to download the patch for the Code Red worm, but didn't bother to install it. The end result was that the company's system was attacked.

"There's a general attitude that 'it's not going to happen to me'," he said. "It really is quite disturbing."

Of even more concern, however, is a new variant of the worm, which is proving even harder to track. While it has only been modified in a subtle manner, with a mere 13 bytes of code being changed, it packs a punch equivalent to the original worm, plus more. According to Miller, the aim of the Code Red 2 worm is to establish zombie servers to mount large scale DOS attacks and can be modified to attack any target, not just the White House.

Code Red's agenda

Attaching itself to Microsoft IIS systems that are vulnerable to an .ida buffer overflow attack, the Code Red worm has a number of items on its agenda.

It runs through nearly 100 IP addresses searching for other vulnerable machines to attach itself to, as well as defacing the Web sites of machines running US English Windows NT/2000, with the message "Welcome to!, Hacked by Chinese!".

Its main focus, however, was to launch a denial of service attack on, by sending 100Kbytes of data to the site from July 20 to 27. While the White House dodged the DOS attack, it remained tight-lipped about how it defended itself against the worm, merely saying that it had taken preventive measures aimed at minimising the impact of the virus. Meanwhile, security experts speculated that the site was moved to an alternate IP address to exploit a flaw in the worm's design -- it's inability to adapt to the new IP address because it only sent data when a valid connection was made.

The worm goes into hibernation during the DOS attack phase, providing an opportunity for organisations to secure their IIS servers before it recommences infecting systems. However, security experts warn that once the dormant period ceases, the rate of infection will rise exponentially.

- Sam Costello contributed to this article

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ronda Field

PC World
Show Comments


Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >


Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >


Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >


Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles


GGG Evaluation Team

Michael Hargreaves

Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Kathy Cassidy


First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni


For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell


The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi


The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?