Update: Code Red Infections Slowing - InformationWeek



Update: Code Red Infections Slowing

Reports of the worm appear to be levelling off.

The spread of Code Red continues, say security experts. As of 1:30 p.m. EST Wednesday, the worm had infected roughly 100,000 systems. However, the SANS Institute says the hourly rate of infection appears to be declining. Experts hope this shows that a sizable portion of vulnerable systems had been patched by the Tuesday deadline.

Stuart Staniford, president of Silicon Defense, an intrusion-detection company, estimates that the rate of infection is 0.75 hosts an hour per infected machine. That means each infected server is infecting fewer than one other system per hour. The first wave of Code Red, which occurred last week, had an infection rate of 1.6 to 1.8 new systems per hour.

Michael Erbschloe, author of "Information Warfare, How To Survive Cyber Attacks," and VP of research at Computer Economics, estimates that the first wave of Code Red cost companies worldwide $1.2 billion. Erbschloe says the cost of cleanup was $740 million, and the cost associated with lost productivity reached $450 million. Erbschloe says he doesn't expect the second wave to be as costly.

According to the SANS Institute's incidents.org Web site, as of 9 p.m. EDT Tuesday, 157 systems had been infected; by 8 a.m. Wednesday, 8,007 had been infected. At 11 a.m., infected systems numbered more than 22,000.

"Those numbers are in line with what we are seeing," says Bill Pollak, spokesman for the CERT Coordination Center.

"During the first Code Red attack, I'd only noticed a few scans on our systems," says Own Creger, IS security manager for accounting-software maker Creative Solutions Inc. Creger says that as of noon Tuesday, he had noticed more than 40 scans on his intrusion-detection system. "I think this time around, [Code Red's] improved IP address random access is making it try to spread faster," he says.

Security experts Tuesday were hoping that companies would heed repeated warnings about the Code Red worm. Variants of the worm, which struck hundreds of thousands of Microsoft NT and Windows 2000 operating systems last week, began striking Tuesday at 8 p.m. EDT. The worm scans the Internet from infected servers, searching for servers that do not have Microsoft's fix in place. As more systems become infected, the worm's propagation will increase and potentially slow Internet traffic to a crawl.

According to Microsoft, as of late Monday, more than 1 million patches had been downloaded. Experts had hoped that the estimated 6 million potential targets would be patched in time.

According to Marc Maiffret, chief hacking officer at eEye Digital Security, hundreds of thousands of infections were discovered in the first wave, which only had six or seven days to propagate and infect new servers. Because the worm has a built-in cycle to spread for 19 days before it launches a denial-of-service attack, the next wave may be worse.

eEye discovered the vulnerability in Microsoft's Internet Information Services software, which ships with Windows NT and 2000. "I think when the first comes around and the worm has 20 days to spread, we will see at least the same impact as the last one," says Maiffret. "Hopefully, IT administrators [will] prove me wrong and have been installing the patches--but a few hundred thousand systems is a lot of systems to patch."

eEye has published a free tool that administrators can use to determine whether their servers are vulnerable to Code Red. The tool is available at http://www.eeye.com/html/Research/

Microsoft's patch is available at

Companies running Windows are not vulnerable to Code Red.
