The worm to return, computer experts say

The Code Red computer worm is no longer a threat to Defense Department networks, officials say, but a more destructive version of the malicious code will be back within days, according to security experts.

Code Red is a rapidly self-propagating worm estimated to have infected more than 300,000 computers. The worm can cause infected computers to shut down a Web site by overwhelming Web servers with data. In response, the military blocked public access to most of its Web pages while technicians fixed network vulnerabilities. Access to the sites was renewed July 24.

But experts say Code Red will return.

"This worm is going to be a threat until a few hundred thousand administrators go and install the patch on their systems," said Marc Maiffret, chief hacking officer at eEye Digital Security. "Come the first of next month, the worm will go back into its propagation cycle, except this time instead of having five days to propagate, it will have 20."

Programmers can reconfigure Code Red to attack additional sites or alter the data rate or packet sizes to increase its destructiveness, said Fred Cohen, practitioner in residence at the University of New Haven in Connecticut.

Experts disagree on whether the reprogramming can be done by a "script kiddie," an unskilled aspiring hacker whose ability to wreak havoc depends on programs downloaded from the Internet.

"Your average script kiddie doesn't usually have the reverse engineering skills, so if only the binary code is available, they're in a bit of a lurch," said Jay Dyson, senior security consultant at Treachery Unlimited. "All things considered, creating an automated intrusion agent isn't that difficult. It's creating a good automated intrusion agent that takes a bit of talent."

Blocking access to DOD Web sites remains an option, said Army Maj. Barry Venable, U.S. Space Command spokesman.

But "taking Web servers off line and waiting for things to blow over is not a solution," Maiffret said.
