We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Weekend: Code Red is non-event

Virus swamps helpdesks not internet after hype

Despite the hype, the widely publicised Code Red worm may not have caused a significant slowdown of the internet. However, several European software vendors confirmed on Friday that it did flood technical support phone lines at antivirus companies.

Many internet users who were in fact untargeted by Code Red were scared by the alert that was sent out last Sunday by a number of US government and private organisations, the vendors said.

This is a little rich coming from the companies that did so much to make sure the media knew about Code Red. PC Advisor received numerous press releases on the subject, but refused to publish stories about the worm precisely because so many companies have a vested interest in scaring the public.

The alert, headlined 'A Very Real and Present Threat to the Internet: July 31 Deadline For Action', predicted Code Red would cause sporadic but widespread outages of the internet.

"Our tech support line received many calls from home users who are not affected but heard about Code Red and were very scared, hollow scares," said Dennis Zenkin, spokesman for Moscow-based antivirus vendor Kaspersky Labs.

"We have been getting thousands and thousands of phone calls. It is a real shame, that imaginative alert from the FBI. The title reads like a John Grisham novel," seconded Graham Cluley, senior technical consultant at UK-based Sophos.

Helpdesk agents at F-Secure, a Finland-based antivirus vendor, also received a much higher than normal number of calls, said Mikko Hypponen, manager of antivirus research.

"Lots of people called and said they had disconnected their computer from the internet and wanted to know when it would be safe to hook it back up. Many of these people were typical consumers running Windows 98. The only thing they could notice from Code Red is a slowdown of the internet," he said.

A website administrator at a relatively large Finnish company, who was called in to work at three in the morning to protect his servers, also called Hypponen for advice.

"The chief executive officer had seen something on CNN about Code Red and called the webmaster. His systems were all Linux-based, so he really had nothing to worry about," said Hypponen.

Code Red is a self-propagating worm that exploits a flaw in IIS (Internet Information Server), a part of Microsoft's Windows 2000 and Windows NT server software. It scans the internet for vulnerable systems and infects these systems by installing itself. A patch for the flaw has been available since mid-June.

All three European vendors blame the panic on the unprecedented joint alert and the often-incomplete media attention it received. The alert was issued by, among others, the FBI's National Infrastructure Protection Center, the CERT (Computer Emergency Response Team) Coordination Center, the SANS Institute and Microsoft.

"I am very sceptical about warnings that predict internet meltdowns. They have done more harm than good. They needed to make clear that this didn't affect home users. I think that many people that downloaded the patch are home users," said Sophos' Cluley.

"This issue is difficult to solve," commented Hypponen, who said he approves of the way the alert was issued, but said he would have picked a different headline. "People that don't have any understanding of the topic will freak out, no matter how detailed your announcement is."

The vendors are afraid that, because the internet did not get swamped by rogue packets of data, the alert will negatively reflect on the antivirus community.

"The average person on the street will forget that the announcement came from the FBI and Microsoft and see this as another example of the antivirus industry warning for something that turns out to be a non-event," said Cluley.

Hypponen agreed, but said it is clear that the antivirus industry wasn't involved in the alerting for the virus.

"Typically it is the antivirus industry that is blamed for touting a virus to get more sales. The alert had an accurate view, although it was very Tom Clancy-like."


IDG UK Sites

Best Black Friday 2014 tech deals UK: Get bargains on phones, tablets, laptops and more this Black...

IDG UK Sites

Tomorrow's World today (or next year)

IDG UK Sites

25 iOS apps turn (Red) for World AIDS Day campaign

IDG UK Sites

Advanced tips for Mac OS X Yosemite: use Yosemite like an expert - 5 new tips added