bodyType

customContents

entityId

entityUuid

articlePageQuery

filter

article

articleBaseAdvertisingInfoArticle

articleListArticle

articleSeoArticle

helpersCheckIsPostiesArticle

hooksArticleAcknowledgementGateOverlayArticle

hooksTrackPageViewArticle

hooksContentInterestArticle

articleLinkingDataContent

hooksAmpRedirectArticle

articleSchemaContent

liveArticle

advertZone

sentiment

contentLock

topics

types

sections

paywallTypes

createdDate

publishedDate

moreOnThisArticles

urlAlias

commentCount

authorLocations

authors

corrections

sponsorType

displaySlideShow

multimediaEmbed

printHeadline

seriesContainer

socialHeadline

headline

flag

firstTopic

glossary

flattenTypeIds

additionalInfoBoxes

quizIds

images

image

relatedLinks

relatedNewsletters

__typename

sponsor

pdfFiles

seriesReverseOrder

series

disableOffPlatformContent

published

updatedDate

summary

subHeadline

body

keywords

readingTime

customTimezone

liveContents

Lydia Zajc

The original Code Red worm, which slowed the Internet and threatened the White House Web site with a disabling attack last month, has barely surfaced this month despite concerns it might attempt another pass.

Computer security firms in Hong Kong are receiving fewer complaints from corporate customers.

'The number of infections appears to be dropping,' said Allan Dyer, chief consultant at network safety company Yui Kee Computing.

Code Red probes for security holes in Web servers running Microsoft's Internet Information Services (IIS). It hits systems running Microsoft Index Server 2.0 and Indexing Service in Windows 2000.

The worm sparked an unprecedented level of attention from the United States Government and computer protection agencies, which worked together to alert users to the risk.

Infected servers attempted to launch an attack against the www.whitehouse.gov site, to create a distributed denial of service (DDoS) attack. That would bombard a site with so many false requests for information it would be unable to process them all and responses would grind to a halt.

US government technicians averted an attack by changing the site's Internet protocol address, because infected servers were programmed to hit the numbered address not the domain name.

However, the National Infrastructure Protection Centre (NIPC), based in the US, issued a notice on August 16 saying the risk of another attack had declined.

The NIPC said: 'Because of the rapid response from the public, industry and infrastructure providers to mitigate the potential for damage from this worm, the threat posed by the upcoming attack is significantly reduced.'

David Banes, who heads the Asia-Pacific arm of Symantec's anti-virus research centre, said the worm was programmed to spring back to life around this time and infect other systems until August 28. However, he said yesterday few companies had complained about the worm - and none from Hong Kong.

Mr Banes did not expect much more activity from the malicious computer program, although some multinational companies were still fixing internal systems.

'Ninety-nine per cent of servers have been patched by now. You're going to see a few [hits] still, but it should be well under control,' he said from his base in Australia.

Consultant Patrick Li, from the Hong Kong Computer Emergency Response Team centre, said no new reports of the original Code Red, or related Code Red II, had surfaced in the area. A total of seven reports for both types of worm had come in to the education centre, which logs voluntary complaints.

Code Red II, which also attacks holes in Microsoft IIS Web servers, is more dangerous than the first, because it opens a back door on infected systems allowing an attacker to peer inside and even steal sensitive files.

NIPC said there were three versions of Code Red, which infects servers and defaces Web pages with the text 'Hacked by Chinese!' in red letters. However, Code Red II, seemingly named after the original, does not launch DDoS attacks or deface Web pages.

The recent round of worms targeting Microsoft products has led to questions of responsibility for such threats.

The two Code Red programs caused billions of dollars of damage and untold hours of lost productivity as technicians continue to struggle with vulnerable servers.



Worries on new Code Red attack fade away