Watch CBS News

X-SciTech

Code Red's World Tour

By CBSNews.com staff CBSNews.com staff

/ CBS

The latest version of the "Code Red" computer worm was wreaking havoc in America and Asia Tuesday.

Qwest Communications blames the computer worm for knocking off some of its high speed Internet access customers in Minnesota.

The company is not saying yet how many of the state's 50,000 DSL customers have been affected — or when their service will be restored.

The worm, which first surfaced in mid-July and then re-emerged last week, is programmed to use infected computer servers to send junk data to the White House Web site on August 19th.

As a side effect, it mistakes Qwest digital subscriber line modems for Web servers and disables them.

Experts say the latest Code Red attacks reveal that the worm has become more dangerous — because it now opens a "back door" in infected computers that makes them vulnerable to other viruses.

South Korea was trying to determine whether it was this pernicious worm which had attacked government computers and Hong Kong also reported at least one confirmed infection.

China's Ministry of Public Security issued a national alert to police urging swift action to prevent the spread of the Code Red II worm, the name for the new variant.

"We've discovered that computer systems at some work units and government departments have been infected with this virus, disturbing normal working conditions," said the statement seen by Reuters.

"The situation is beginning to move more quickly and spread more widely this week," said a technical support manager at Beijing Rising Technology Corp, a virus protection company.

South Korea reported its first Code Red outbreak as servers at a cluster of government offices were hit, sparking a shutdown of some systems to prevent it spreading further.

The computer worm froze a computer network linking government offices in Taejon, about 85 miles south of Seoul, the Ministry of Government Administration and Home Affairs said.

Get Rid Of The Worm
A step-by-step guide to keeping your computer safe.
It was not immediately clear whether it was the more pernicious variant, discovered on Saturday, of the Code Red worm which first struck last month, a ministry official said.

Offices of the Korea Forestry Service, Cultural Properties Administration and Industry Property Office were affected.

The official said Internet links between the offices and government offices in Seoul were severed to try to prevent the worm from spreading.

In Hong Kong, a spokesman from the government-sponsored Hong Kong Computer Emergency Response Team Coordination Center (HKCERT) said it had received one report of "Code Red II" infection and three reports of attempts to sneak into computers.

A Bevy Of Bugs
Code Red joins a list of viruses that have thrived in the sprawling Internet universe:
  • March, 1999: Melissa made tens of thousands computers vulnerable to other viruses.
  • May, 2000: The Love Bug rapidly replicated itself via e-mail, overloading corporate e-mail systems in many countries and causing damage estimated at up to $10 billion.
  • May, 2000: NewLove started lurking in computers in Israel but didn't spread as fast as the "ILOVEYOU" virus.
  • June, 2000: Stages shut down e-mail systems at four Fortune 100 firms.
  • August, 2000: Pokey left some operating systems devastated.
  • November, 2000: Navidad, hit at least 10 Fortune 500 companies.
  • March, 2001: Naked Wife deleted almost all of a computer's vital system files and sent itself out to everyone in the user's e-mail address book.
    • Reports in Indian newspapers last week said the Code Red worm had been traced to a computer at the University of Foshan in China's southern province of Guangdong.

    But a laboratory technician who answered the phone at the university's computer department on Tuesday said he was surprised to learn of the reports because the school had been on vacation since July 6 and was being refurbished.

    Code Red Two can be stopped with the same software patch used to head off Code Red. One computer security expert says it won't affect machines that have already been patched.

    However, the new worm isn't as easy to track as Code Red, so was no early estimate for how many computers have been infected.

    The Code Red worm first appeared in computers in July, infecting 250,000 machines on July 19 alone. Then it went dormant until July 31.

    Unlike a computer virus, which needs a person to help it spread, a worm infects other computers on its own. It does not affect most home computers.

    The worm scans the Internet, looking for other computers to infect, and as more computers are infected the scanning gets more widespread.

    The worm can spread quickly on unprotected computer servers and threatens to slow down Web traffic. It does not affect most home computers.

    Unlike other kinds of viruses, worms do not erase files or otherwise damage the infected cmputer; however, it can spread much more rapidly, said Ronald L. Dick, the director of the FBI's National Infrastructure Protection Center.

    ©MMI, CBS Worldwide Inc. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. Reuters Ltd and The Associated Press contributed to this report

    First published on May 22, 2001 / 10:21 AM EDT

    © 2001 CBS. All rights reserved.

    View CBS News In
    CBS News App Open
    Chrome Safari Continue
    Be the first to know
    Get browser notifications for breaking news, live events, and exclusive reporting.