Code Red worm carries 'meltdown' threat

The White House may have dodged the wrath of the Code Red worm this time, but the impact of this worm and its counterparts has been far-reaching, with more than 5000 attacks made on Australian systems in the past week.

Australia ranked in the top five countries that Code Red attacked, according to statistics generated by the SecurityFocus incidents database.

Russ Cooper, surgeon general of TruSecure Corp and editor of e-mail list NTBugtraq, said Code Red, which has infected around 300,000 systems worldwide, is the worst security event in Internet history.

"We haven't seen a worm that involves this many hosts and is this complex," he said, adding that if systems affected by the worm continue to go unpatched, "the impact, we predict, is a meltdown".

Telstra, which is presently battling concerns over a Trojan that entered its system and retrieved the login details of 69 of its customers, also felt the pinch of the Code Red worm, according to Stuart Gray, corporate affairs manager, Telstra retail.

Gray said that Telstra was informed by Microsoft of the Code Red worm when it first came to light, allowing the company to modify most of its servers so that they weren't vulnerable.

However, Telstra's Web hosting customers weren't so lucky, with around a dozen users experiencing outages for around two to three hours.

According to Gray, Telstra had advised those customers to acquire the Code Red fix; however, the group affected did not heed the advice, he said.

Glenn Miller, managing director of security provider, Janteknology, cites similar stories about a number of local companies who have been hit by the worm, resulting in their sites going down for several days.

"One company was hacked, its Web site defaced and it was down for five days," he said.

"As the company had an active e-commerce operation, it literally lost an operational business facility for five days and the cost of repairing that was probably up in the order of $10,000," Miller said, adding that the addition of lost business to the equation could well have blown the figure out to hundreds of thousands.

The thing that surprises Miller, both in regards to the Code Red worm and its viral siblings, is the general apathy that many people express in regards to defending themselves against such attacks. Miller said one company took the initiative to download the patch for the Code Red worm, but didn't bother to install it. The end result was that the company's system was attacked.

"There's a general attitude that 'it's not going to happen to me'," he said. "It really is quite disturbing."

Of even more concern, however, is a new variant of the worm, which is proving even harder to track. While it has only been modified in a subtle manner, with a mere 13 bytes of code being changed, it packs a punch equivalent to the original worm, plus more. According to Miller, the aim of the Code Red 2 worm is to establish zombie servers to mount large scale DOS attacks and can be modified to attack any target, not just the White House.

Code Red's agenda

Attaching itself to Microsoft IIS systems that are vulnerable to an .ida buffer overflow attack, the Code Red worm has a number of items on its agenda.

It runs through nearly 100 IP addresses searching for other vulnerable machines to attach itself to, as well as defacing the Web sites of machines running US English Windows NT/2000, with the message "Welcome to!, Hacked by Chinese!".

Its main focus, however, was to launch a denial of service attack on, by sending 100Kbytes of data to the site from July 20 to 27. While the White House dodged the DOS attack, it remained tight-lipped about how it defended itself against the worm, merely saying that it had taken preventive measures aimed at minimising the impact of the virus. Meanwhile, security experts speculated that the site was moved to an alternate IP address to exploit a flaw in the worm's design -- it's inability to adapt to the new IP address because it only sent data when a valid connection was made.

The worm goes into hibernation during the DOS attack phase, providing an opportunity for organisations to secure their IIS servers before it recommences infecting systems. However, security experts warn that once the dormant period ceases, the rate of infection will rise exponentially.

- Sam Costello contributed to this article

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ronda Field

PC World
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?