Code Red worm carries 'meltdown' threat

The White House may have dodged the wrath of the Code Red worm this time, but the impact of this worm and its counterparts has been far-reaching, with more than 5000 attacks made on Australian systems in the past week.

Australia ranked in the top five countries that Code Red attacked, according to statistics generated by the SecurityFocus incidents database.

Russ Cooper, surgeon general of TruSecure Corp and editor of e-mail list NTBugtraq, said Code Red, which has infected around 300,000 systems worldwide, is the worst security event in Internet history.

"We haven't seen a worm that involves this many hosts and is this complex," he said, adding that if systems affected by the worm continue to go unpatched, "the impact, we predict, is a meltdown".

Telstra, which is presently battling concerns over a Trojan that entered its system and retrieved the login details of 69 of its customers, also felt the pinch of the Code Red worm, according to Stuart Gray, corporate affairs manager, Telstra retail.

Gray said that Telstra was informed by Microsoft of the Code Red worm when it first came to light, allowing the company to modify most of its servers so that they weren't vulnerable.

However, Telstra's Web hosting customers weren't so lucky, with around a dozen users experiencing outages for around two to three hours.

According to Gray, Telstra had advised those customers to acquire the Code Red fix; however, the group affected did not heed the advice, he said.

Glenn Miller, managing director of security provider, Janteknology, cites similar stories about a number of local companies who have been hit by the worm, resulting in their sites going down for several days.

"One company was hacked, its Web site defaced and it was down for five days," he said.

"As the company had an active e-commerce operation, it literally lost an operational business facility for five days and the cost of repairing that was probably up in the order of $10,000," Miller said, adding that the addition of lost business to the equation could well have blown the figure out to hundreds of thousands.

The thing that surprises Miller, both in regards to the Code Red worm and its viral siblings, is the general apathy that many people express in regards to defending themselves against such attacks. Miller said one company took the initiative to download the patch for the Code Red worm, but didn't bother to install it. The end result was that the company's system was attacked.

"There's a general attitude that 'it's not going to happen to me'," he said. "It really is quite disturbing."

Of even more concern, however, is a new variant of the worm, which is proving even harder to track. While it has only been modified in a subtle manner, with a mere 13 bytes of code being changed, it packs a punch equivalent to the original worm, plus more. According to Miller, the aim of the Code Red 2 worm is to establish zombie servers to mount large scale DOS attacks and can be modified to attack any target, not just the White House.

Code Red's agenda

Attaching itself to Microsoft IIS systems that are vulnerable to an .ida buffer overflow attack, the Code Red worm has a number of items on its agenda.

It runs through nearly 100 IP addresses searching for other vulnerable machines to attach itself to, as well as defacing the Web sites of machines running US English Windows NT/2000, with the message "Welcome to!, Hacked by Chinese!".

Its main focus, however, was to launch a denial of service attack on, by sending 100Kbytes of data to the site from July 20 to 27. While the White House dodged the DOS attack, it remained tight-lipped about how it defended itself against the worm, merely saying that it had taken preventive measures aimed at minimising the impact of the virus. Meanwhile, security experts speculated that the site was moved to an alternate IP address to exploit a flaw in the worm's design -- it's inability to adapt to the new IP address because it only sent data when a valid connection was made.

The worm goes into hibernation during the DOS attack phase, providing an opportunity for organisations to secure their IIS servers before it recommences infecting systems. However, security experts warn that once the dormant period ceases, the rate of infection will rise exponentially.

- Sam Costello contributed to this article

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ronda Field

PC World
Show Comments

Most Popular Reviews

Latest News Articles


PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?