FBI downgrades Code Red threat

Systems that remain infected with the Code Red worm are scheduled to launch another round of distributed denial-of-service attacks (DDOS) against the White House Web server Sunday, but the FBI said the threat posed to the Internet by the upcoming attack “is significantly reduced.”

Since first coming to the public’s attention July 19, the Code Red worm managed to infect hundreds of thousands of systems running Microsoft Corp.’s Internet Information Services (IIS) software. And while officials acknowledged that thousands of system administrators failed to heed the warnings and install the patch that Microsoft had made available in June, the FBI now says that enough systems have been patched that the potential for a widespread slow down of Internet traffic is minimal.

“Because of the rapid response from the public, industry and infrastructure providers to mitigate the potential for damage from this worm, the threat posed by the upcoming attack is significantly reduced,” the FBI’s National Infrastructure Protection Center (NIPC) said in a statement yesterday.

Despite the reduced threat, the NIPC continues to urge all users of Windows 2000 Professional, Server and Advanced Server and Windows NT Server to download and install the available patches prior to the Sunday 8 p.m. eastern deadline.

The latest NIPC assessment also clarified a misunderstanding about the software that remains vulnerable to the Code Red II worm. Discovered during the first week of August, the Code Red II worm increased the potential for damage by installing a backdoor on every system it infected. Although initial press coverage warned of vulnerabilities in Microsoft Personal Web Server (PWS) software running on Windows 2000, the NIPC and Microsoft have now ruled that out.

“PWS, however, is compatible only with Windows 95/98/ME and Windows NT Workstation; it does not run on Windows 2000 Professional,” the NIPC assessment stated. “This misunderstanding ostensibly stems from a documentation error in Windows 2000 Professional help which refers to the integrated Web server as ‘Peer Web Services (PWS),’ rather than by its correct designation of IIS 5.0.”

Still, if users are operating the Web server running on a Windows 2000 Professional system, the system remains vulnerable to the Code Red and Code Red II worms, “and must be immediately patched,” the NIPC warned.

On Wednesday, Microsoft announced two new security tools aimed at improving the download and distribution rate of security patches. Microsoft teamed with Shavlik Technologies LLC to create two free tools, HFNetChk and Microsoft Personal Security Advisor (MPSA), which are designed to help system administrators identify and obtain the patches they need. HFNetChk is designed for corporate networks and MPSA is for home users and small businesses.

Microsoft Canada is at http://www.microsoft.ca