Everyone should stay OFF THE COMPUTER on TUE and WED

[Guest guest]

By Andy Sullivan

Reuters

WASHINGTON (July 31) - The fast-spreading ''Code Red'' Internet worm, which disrupted U.S. government Web sites last week, is likely to reemerge at 8 p.m. EDT on Tuesday and wreak fresh havoc across the Internet, experts say.

The FBI's National Infrastructure Protection Center and other online security watchers expect the worm to start multiplying again, possibly slowing Internet traffic as it attempts to knock out government Web sites.

''There is reason for concern that mass traffic associated with the worm's propagation could degrade the overall functioning of the Internet and impact ordinary users,'' NIPC Director Dick told a news conference on Monday.

The worm, which in some cases displays the message ''Hacked by Chinese!,'' was expected to strike again at the hour corresponding to the first instant of Wednesday, August 1, based on Universal Time, which is the same as Greenwich Mean Time.

Japan's IT security branch said that government ministries there had been urged to patch up any security holes in their systems to keep out the worm but that there had been no reports of central government web sites suffering damages thus far.

Computers running the Windows NT or Windows 2000 operating systems and Microsoft Corp's Internet Information Server (IIS) software version 4.0 or 5.0 are vulnerable to infection, and users should install a software patch. Instructions for the patch are available at www.digitalisland.net/codered.

For infected computers, turning the machine off and then on gets rid of the worm but does not provide immunity from future infection.

Code Red was first noticed in mid-July and appeared to spread most virulently on July 19 but has largely been dormant since about July 23, experts from industry and government said at the news conference, called to publicize the software patch.

Unlike other kinds of viruses, worms do not erase files or otherwise damage the infected computer.

Named after a caffeinated soft drink favored by computer programmers, Code Red works by installing itself on server computers that are then instructed to blitz government Web sites and others with data, which can slow them down.

WEB MELTDOWN

Code Red is ''enough to cause the meltdown of the Internet,'' said Russ of security services company TruSecure Corp. ''Whether your machine is vulnerable or not, if 300,000 machines all try and send you eight kilobytes of data, you won't be able to use the Net in the process.''

Code Red is different from earlier viruses like ILoveYou and because it can reproduce much more quickly, Dick said.

The worm can also deface sites, though in two of the three known variants, no vandalism is apparent to computer users. In last week's hits, some U.S. government sites showed the message ''Hacked by Chinese!''

The worm scans the Internet, looking for other computers to infect, and as more and more computers are infected, the scanning becomes more widespread.

The version of Code Red that could hit on Tuesday ''has mutated so that it may be even more dangerous,'' online security watchers said in a joint statement.

''This spread has the potential to disrupt business and personal use of the Internet for applications such as electronic commerce, e-mail and entertainment.''

The warning was posted by Microsoft Corp., the FBI center, Carnegie Mellon University's Computer Emergency Response Team and other groups.

While the White House Web site managed to avoid disruption when the worm surfaced on July 19, the Pentagon temporarily cut off public access to hundreds of its Web sites on July 23 to guard against it. Public access was restored to the Defense Department sites on July 24.

Dick noted that on July 19 alone, the worm had infected more than 250,000 computer systems in just nine hours and it was estimated it could affect 500,000 Internet addresses in a day.

01:03 07-31-01

Copyright 2001 Reuters Limited. All rights reserved. Republication or redistribution of Reuters content, including by framing or similar means, is expressly prohibited without the prior written consent of Reuters. Reuters shall not be liable for any errors or delays in content, or for any actions taken in reliance thereon. All active hyperlinks have been inserted by AOL.