
The Daily Interview: What to Expect From the Code Red Worm

At 8 p.m. EDT this evening, a malicious worm is expected to awaken in computer systems around the world and wreak havoc on the Internet.

It sounds like something out of a bad science-fiction novel, but it's the truth. A malicious worm, a piece of computer code already embedded in hundreds of thousands of computers, is expected to launch an attack that was originally aimed at whitehouse.gov, the White House's Web site. The origin of the computer virus is unknown. (For more on the virus, read Jim Seymour's article.)

A worm is a virus that infects a computer via a network, like the Internet, and propagates itself by copying its own code and sending it out to other computers connected to that network. This particular worm, known as Code Red, is unique due to its lengthy incubation period -- it replicates itself through networks, undetected, from the first to the 19th of the month.

Then on the 20th, it launches a denial-of-service attack on a specific targeted Web site. In effect, the virus sends so many requests and so much data to the site that it overloads its servers, and users can't access it. As a result of certain coding within the clocks of computers, analysts fear that the worm may awaken tonight, rather than on the first of the month, and start a new round of infections.

In today's Daily Interview, TheStreet.com speaks with Vincent Weafer, senior director of the Anti-Virus Research Center at Symantec, an Internet security company. Weafer explains what exactly a "malicious worm" is, how it works and how it affects the companies that it targets.

Weafer also elaborates on how you can protect your own computer and company from a possible attack, and tells us what the Code Red worm may bring tonight.


Vincent Weafer, Director of the Anti-Virus Research Center, Symantec

TSC: Let's start with the basics: How do denial-of-service viruses affect Web sites, and what actually goes on when a site is attacked?

Weafer: There's two impacts of an exploit like this. Code Red is a worm, which, once it infects a machine, goes looking for other vulnerable machines to infect. During that period, you've got lots of data occurring on the Internet while it's out there searching for these other vulnerable machines. So the side effects may be a slowdown of the network, or possible overloading of some of the infrastructure, such as routers, if too many scans are occurring at once.

Now, Code Red has a "direct payload," which is a denial-of-service attack against a specific IP address; that IP address used to belong to whitehouse.gov, [but the site has since been moved]. During the period when the payload is active, all the infected machines send large amounts of junk data toward this address. Had that address been active at that time, the Internet would have been very overloaded with all this junk data being targeted against the particular address.

TSC: Once a virus such as Code Red attacks a company's Web site, what does it take to defeat the attack, in terms of technology, time and financial expense?

Weafer: In this case, it's very, very simple. And Microsoft has already created a security patch for their Internet Information Servers that are vulnerable to this. So all the administrator has to do is go to the Microsoft Web site and download that patch, reboot their systems and then they're not vulnerable to this attack again.

TSC: Does the patch have to be implemented before the system is attacked as a preventative measure, or can it be used once the site is attacked as a remedy?

Weafer: It should be used before the system is attacked, but even if the system is currently being attacked, the patch can still be deployed.

TSC: What about companies such as eBay and Yahoo! that were hit by denial-of-service attacks in February of 2000? Are they vulnerable to the Code Red worm?

Weafer: In this case, most of those companies are only vulnerable if they've got Internet Information Servers themselves, and, of course, [if] there would be infections disrupting their systems. However, most of the large corporations have already taken pains to protect their systems, so it's very unlikely that the high-profile names or governments or large enterprises would be that impacted.

Right now, we're really looking at medium enterprises, small offices and home users who've got small Web sites where they've got this deployed, and where they may not understand the importance of security patches. These are the most likely source of these attacks and denials of service. They're the ones that we're really trying to reach out to right now to say "make sure you understand if you've got a vulnerable system and deploy the security patch."

TSC: So most of the large companies have either planned for this in advance and have anti-viral software, or, should they be attacked, it won't really affect their bottom line, right?

Weafer: Yes, and really the impact for the large companies is just making sure that their systems are not vulnerable for this worm to spread amongst their own systems. Based on what happened in July, most of them have learned and are updating their systems. It's really reaching out to the other people to say "make sure you patch your systems." Though in terms of pure denial of service, there was only one targeted address, which was changed so that it's invalid. Really, we're not comparing this to the distributed denial-of-service attacks that hit eBay and Amazon last year. In effect, this, unless it is modified, will not continue.

TSC: Did either eBay or Amazon, or any other company hit by a similar virus, lose significant revenue as a result of that attack?

Weafer: I don't have that data. I think, for many companies, the main concern is their reputation, is making sure that they can prepare for these things. And of course, the denial of service is just about whether they can deal with large volumes of data coming in at one time. And most companies, especially security-conscious companies, have ways of dealing with that, with routers and filters. But, of course, it's about how can you deal with a flood, very, very quickly.

TSC: What are the implications of the Code Red virus to Microsoft and Cisco, the two companies that have products that are vulnerable to the malicious code?

Weafer: Microsoft has taken a very active role in this, in warning people about updating their security patches. It's just another example of complex software having vulnerabilities that are discovered and then exploited by hackers. Microsoft has been very vocal in making sure that people understand the vulnerability and know how to protect against it. Their own infrastructure and systems have already been patched, so they're very secure.

Cisco, too. With their router, they're just making sure that should there be a flood of scanning on the Internet, or junk data being sent around, that their routers and systems can deal with that volume of data, and they don't have any negative side effects.

TSC: Do the writers of viral code target specific systems like Microsoft's Windows NT and Cisco's routers?

Weafer: Potentially, they will. And certainly this is a targeted attack against Microsoft's systems, not Microsoft itself, but its systems, which [in this case] is the Internet Information Server.

TSC: Are there large expenses to combating viruses?

Weafer: Yes, there certainly can be. You need to make sure you have people trained and in place, that you've got the right tools -- firewalls, gateways, anti-virus software -- and [that's] a lot of things put in place to make sure you're secure.

I think the main lesson is trying to understand what are your digital assets that you're trying to protect and how important they are to you, because the same way in the physical world you may get a bigger, stronger safe based on whether you're a bank or just keeping some of your personal documents, it's the exact same thing with computer security. You base the amount of security on the value of those assets that you're protecting.

TSC: What can we expect from the Code Red worm tonight?

Weafer: I think we'll definitely see a spread of infections; I don't think the Internet will be severely impacted, but we will see a noticeable increase in traffic, as many of the new infections and some of the existing ones wake up from hibernation. But really, it's all about lots of port scans occurring and making sure we get the word out to people to tell them to protect their systems by employing the patch and rebooting their system.

TSC: So no major damage?

Weafer: I don't believe so. An increase in data and maybe some servers being overloaded, but I don't think it's going to be catastrophic.
