Worm hits more than 115,000 computers

USA Today

SAN FRANCISCO — The Code Red worm finally squirmed.

After playing dead since it was supposed to attack Tuesday night, the computer worm spread yesterday to more than 115,000 computers and forced the Pentagon to shut down public access to many of its Web sites for the second time in two weeks.

But the worm didn't create nearly as much havoc as earlier feared. No slowdown in Internet traffic or damage to Web sites — the biggest threats of the worm — were noted.

The FBI's National Infrastructure Protection Center now says it expects the worm to hit 350,000 computers, about as many as it did on July19 when it first surfaced.

The worm isn't spreading as quickly as some observers feared because businesses inoculated their computers with security software.

Still, it may take days before the full damage is known. The worm is intended to deface Web sites — not to infect consumers' personal computers.

"People feared a rabid worm sprinting across the Internet," says Elad Yoran, co-founder of network-security firm Riptech. But that's not how Code Red spreads. It infiltrates computers the first 19 days of a month, then goes into attack phase for nine days, then rests until the next month.

As of midday yesterday, the worm's growth was already tapering. In Hawai'i, only sporadic effects of slowed Web sites were being reported.

Code Red first appeared in a July19 assault on the White House Web site. The attack was blocked, but it overwhelmed thousands of business computers with junk data that clogged Internet traffic. Code Red primarily infects computers running Windows NT, Windows 2000 and Microsoft's Internet Information Server software.

The White House Web site was not affected by the latest siege, presidential spokesman Ari Fleischer said.