DOD shuts out worm, public

Many military Web sites shut down again despite success in protecting against infection

Despite being "largely successful" in protecting itself against infection from the Code Red worm making its way around the Internet, the Defense Department has shut off public access to many of its Web sites, according to a department official.

In an interview Aug. 1, Army Maj. Barry Venable, spokesman for the U.S. Space Command, would confirm only that the department is "taking additional measures to meet the effects of this worm."

But according to a DOD official, the department is again shutting off access to selected sites, basing its determination on a number of factors, including the precise function being performed by the site, the need to keep public access open, and the assessment of the problem on the Internet and its effects on those sites.

This follows a similar reaction at DOD last month. At that time the worm had infected more than 250,000 systems around the world and started a distributed denial-of-service attack on the White House Web site. The White House successfully countered the attack by changing the site's IP address.

At that point, DOD shut off public access to almost all of its sites until it could install patches distributed by Microsoft Corp., officials said at the time. The patches fix the vulnerability that the Code Red worm exploits in systems running the Windows NT 4.0 or Windows 2000 operating systems and Internet Information Server (IIS) 4.0 or 5.0.

Defense system administrators applied patches to the Web servers and made the sites available again July 24, Pentagon spokesman Rear Adm. Craig Quigley said in a briefing July 31.

"We have been very largely successful in installing the patches that we feel should be very effective in guarding our networks from attack by the worm in the first place," he said. "We're very confident that we've certainly got most of them covered."

The Joint Task Force for Computer Network Operations, the department's lead cybersecurity group, based at Spacecom, has been actively monitoring the latest round of the worm's activity, Quigley said.

Activity picked up again Aug. 1, as the worm was set to look for new systems to infect. According to the CERT Coordination Center at Carnegie Mellon University, the worm had infected about 200,000 systems around the world by midnight, Aug. 1. It will initiate another distributed denial-of-service attack on the White House starting Aug. 20.

But although DOD has been effective in installing patches, that does not immunize it against the denial-of-service attacks, the department official said. It simply prevents the department from becoming part of the problem and allowing the worm to propagate on DOD computers.

"There's collateral damage. The terrorist may not be able to plant his bomb in your store, but you can still get cut by the glass," the DOD official said.

"If every computer on the Internet had the patch, this thing would go away," he said. "It wouldn't have anything to eat."
