Code Red wormed its way into more than 150,000 computers yesterday – but the virus-like infection failed to cripple the Internet and appeared to be slowing down.
Experts had feared a full-scale relapse of last month’s scarlet fever, which hit a quarter of a million systems in a few hours and caused massive cyberspace slowdowns.
But the bad-tempered bug had a tougher time finding victims this time because tens of thousands of Web-site operators inoculated their systems with a “patch” from Microsoft.
“We’re still watchful, but for the first time, we’re hopeful, as well,” said Alan Paller, director of research for the SANS Institute, which was helping the government monitor the crisis.
Still, Web watchdogs warned that the danger was far from over.
“It’s nothing to sneeze at,” said Simon Perry, vice president of security at Computer Associates.
“The danger is that people will say it didn’t get to a quarter of a million this time so it’s been overblown . . . but a high number of servers have been hit.”
The second round of Code Red launched at 7 p.m. Tuesday. By last evening, it had infected 150,000 computers using Microsoft NT or Windows operating systems with Internet Information Server software.
“Individual sites did experience some pain. Some were just slowed down, but we did have reports of some servers crashing,” said Roman Dahyliw of Carnegie Mellon’s Computer Emergency Response Team.
The Pentagon said none of its computers was infiltrated, although it shut down or restricted public access to some Department of Defense sites as a preventive measure.
“We’ve seen the worm scanning out on the Internet for vulnerable systems, but the thing is not targeted at DOD,” said U.S. Army Major Barry Venable.
Code Red is programmed to infect servers – most personal computers are not affected – from the 1st to the 19th of every month.
From the 20th to the 27th, those servers then try to flood the White House’s Web site.