Defense squashes ‘Code Red’ worm

After squashing the threat posed by the "Code Red" computer worm, the Defense Department restored public access to its Web sites at mid-afternoon Tuesday. Defense began restricting public traffic late last week in an effort to limit its exposure to the worm. The Code Red worm travels the Internet looking for Web sites with well-known vulnerabilities. Once it finds what it is looking for, it quickly defaces the Web page. The worm then installs its payload--a malicious software code designed to enslave a computer so it can be used as a "zombie" in a distributed denial of service attack. Hackers use such attacks to crash Web servers by flooding them with bogus information sent by hundreds, if not thousands, of infected computers. Defense had full use of its networks while locked down, said Army Maj. Barry Venable, spokesman for the U.S. Space Command and the Joint Task Force-Computer Network Operations. "We regret that we had to block public access to DoD web sites," he said. "This was a temporary measure that was never intended to be permanent." Defense restricted public access to its 10,000 networks and about 2.5 million computers to halt the spread of the worm within the department. A Defense source admitted that if the worm had infected the department's resources, it could have been quite a weapon in the hands of a hacker or malicious agent-especially for use as part of a denial of service attack. "If a hacker can enlist that sort of help, it's a hell of a resource," the official said. The risk from the worm seems to be diminishing and the Defense Department appears to have escaped relatively unharmed. "Initially, there were a few servers affected," Venable said. "Those were taken offline and repaired. Then the appropriate patch was installed and they were brought back online. The impact was minimal."