August 20, 2002

A double whammy of computer viruses has been attacking the Internet in recent days, with the collective potential to slow Web access, disrupt instant messaging and impede the ability of many to send and receive e-mail.


The confluence of two viruses – by chance or intent, that’s what Information Technology investigators will be looking into – has been building since last week. The fastest spreading, called the SirCam Worm, is the trickiest, coming as an e-mail attachment from a friend.


Late Tuesday, Kaspersky Labs, a Russian developer of antivirus programs and operator of the www.viruslist.com Web site, declared SirCam the most widespread virus of all time.


But because the subject of the SirCam-infected e-mail is always different, many are opening the virus and thus activating it.


Once that attached file is opened, the worm sends itself to everyone in the victim’s e-mail list, sending with it a file randomly selected from the victim’s My Documents folder in Windows.


That fact alone poses significant privacy problems for anyone keeping sensitive letters, spreadsheets or data files on their computer. Most of the major anti-virus software makers Monday were assigning the SirCam virus a high risk. Many corporate servers around the country were reporting a deluge of infected e-mails Monday.


“The problem with this one is that it gets larger every time it’s picked up,” says David Perry, Global Director for Trend Micro, an antivirus maker. “SirCam keeps grabbing files and sending them out with the virus. It’s a real mess.”


The SirCam virus has a different subject heading in each e-mail but always starts out and ends the same.


The first line always reads: “Hi! How are you. I send you this file in order to have your advice.”


The closing line is invariably: “See you later. Thanks”


Antivirus experts report that it had shown up in 50 countries by Monday night, with Europe expected to be hard hit on Tuesday, thus sending a host of new infected e-mails back to the States. But that’s just one virus.


The second major threat is from something called the “Code Red Worm,” a virus that attacks only servers, the networked computer “brains” that control and process corporate e-mail and networked machines at businesses.


Believed planted by Chinese hackers, the virus has infected about 200,000 servers, computers that process Internet traffic. The White House Web site was targeted last week, but officials took steps to switch to a clean server and avoided disruption.


“In addition to Web site defacement, infected systems may experience performance degradation as a result of the scanning activity of this worm,” warns a statement from the Computer Emergency Response Team (CERT) Coordination Center, which tracks virus outbreaks in the U.S.


“Non-compromised systems and networks that are being scanned by other hosts infected by the ‘Code Red’ worm may experience severe denial of service.” Denial of service attacks flood a server with so many requests for access that it is overwhelmed and crashes.


Vincent Gullotty, senior director of the AVERT antivirus alert center for Network Associates, says the combination of the two fast-spreading viruses has the potential to slow and disrupt traffic across the entire Internet for much of the week.


July 30 Update from Mike:


Tough week ahead for virus fighters


This is going to be a very rough week for Internet security. With the Net hit hard by last week’s still very prevalent SirCam virus, a much more malicious “worm” virus called Code Red that has probably infected close to 350,000 network servers will “awake” from a programmed hibernation at 8pm EST Tuesday and set off again, trying to worm its way inside machines and then unleash a coordinated and unprecedented denial of service attack against Web sites. Two weeks ago, it was the White House site that narrowly averted the attack because security experts were able to determine the worm’s target in time to move the site to a different server.


This time, experts worry, malicious programmers have had time to alter the worm’s control code and could attack virtually anywhere, with U.S. government agencies and big corporate and media sites the expected targets.


What does this have to do with the average Net user? Plenty. This Code Red worm is among the most troubling and potentially destructive viruses yet unleashed on the Net.


If the hundreds of thousands of machines believed to be infected haven’t been screened through anti-virus software that kills the worm, the massive attack could bring the entire Internet to a crawl.


World on Code Red watch


You sure can’t say we haven’t been warned.


Following a worldwide media blitz by Microsoft, the FBI and a coalition of computer security groups warning of tonight’s reawakening of the Code Red worm, IT experts today are scheduling late shifts to see if their servers have been turned into “Zombie machines” when the worm-virus activates at 8pm tonight.


If Code Red turns into a non-event, there are going to be a lot of red faces in the wake of all the hype.


I’ve never seen so many supposed experts sound such strident alarms.


All this, I fear, is taking a toll on business execs and the public. If e-commerce and the new economy are dependent on technology that 15-year-old hackers can shut down, it’s no wonder dot-coms are going bust. Business demands reliability and all the recent virus and worm attacks sure seem to undermine that.


As for the public, I’m hearing from a growing number who are tired of the porn, the spam and the constant virus and worm warnings. All this leads to a general frustration with the Net itself and the feeling that it just may not be worth all the hassle.


There’s a lot at stake in this Code Red scare.


Remember the CB Radio craze of the 70’s? The citizens radio service was touted as a communications breakthrough. But the anarchy and rudeness that resulted as millions of “good buddies” flocked to the airwaves rendered it a useless, squealing cacophony of profanity-studded static and the craze abruptly peaked and died.


Could the same thing happen with the Internet?

Wendland is a technology journalist and a Fellow at Poynter. His newspaper columns appear in the Detroit Free Press, his TV reports are seen on…
Mike Wendland
