The fast-spreading 'Code Red' Internet worm, which disrupted US government Web sites last week, will probably reemerge tonight and wreak more havoc across the Internet, experts say.
The FBI's National Infrastructure Protection Centre and other online security watchers expect the Internet worm to start multiplying again, possibly slowing Internet traffic as it attempts to knock out government Web sites. It may reach Irish sites at around 1am this morning.
Computers running the Windows NT or Windows 2000 operating systems and Microsoft's Internet Information Server (IIS) software version 4.0 or 5.0 are vulnerable to infection, and users should install a software patch. Instructions for the patch are available at www.digitalisland.net/codered.
For infected computers, turning the machine off and then on gets rid of the worm but does not provide immunity from future infection.
Code Red was first noticed in mid-July and appeared to spread most virulently on July 19 but has largely been dormant since about July 23, experts from industry and the US government said. The worm was expected to strike again this evening at the hour corresponding to the first instant of Wednesday, August 1, based on Universal Time, which is the same as Greenwich Mean Time.
Named for a caffeinated soft drink favoured by computer programmers, Code Red works by installing itself on server computers that are then instructed to blitz government Web sites and others with data, which can slow them down.
Code Red is 'enough to cause the meltdown of the Internet,' said security services company TruSecure Corp. 'Whether your machine is vulnerable or not, if 300,000 machines all try and send you eight kilobytes of data, you won't be able to use the Net in the process.'
Code Red is different from earlier viruses like ILoveYou and Melissa because it can reproduce much more quickly. The worm can also deface sites, though in two of the three known variants, no vandalism is apparent to computer users. In last week's hits, some US government sites showed the message 'Hacked by Chinese!'
The worm scans the Internet, looking for other computers to infect, and as more and more computers are infected, the scanning becomes more widespread.
The version of Code Red that could hit later today has mutated so that it may be even more dangerous, online security watchers said in a joint statement. 'This spread has the potential to disrupt business and personal use of the Internet for applications such as electronic commerce, e-mail and entertainment.'
The latest warning was posted by Microsoft, the FBI centre, Carnegie Mellon University's Computer Emergency Response Team and other groups.
While the White House Web site managed to avoid disruption when the worm surfaced on July 19, the Pentagon temporarily cut off public access to hundreds of its Web sites on July 23 to guard against it. Public access was restored to the Defence Department sites on July 24.
On July 19 alone, the worm had infected over 250,000 computer systems in just nine hours and it was estimated it could affect 500,000 Internet addresses in a day.
Entropy, the Dublin-based Internet security company, has warned companies here to again be vigilant about the virus.
Commenting on the alert, Entropy's Managing Director Conall Lavery, said: 'We feel that most Irish businesses listened to the original warning and took action to update their anti-virus software with the necessary patches'.
'Code red, as with all other viruses has the potential to cause damage, however if companies have taken the necessary precautions they should be fine,' he assured.
