As previously reported, some US and British organizations spread the word at the beginning of this week about a possible repeat of the “Bady” (Code Red) Internet-worm epidemic. As a result of the announcement being reported throughout the world, the facts were distorted, causing a real panic amongst Internet users influenced by the inaccurate information.
“Virtually all messages concerning Bady that have been registered with us since the beginning of the week have come from home users, who worried about their computer security in vain. Frankly speaking, all of them were confused by the incorrect mass media announcements,” commented Denis Zenkin, Head of Corporate Communications for Kaspersky Labs.
As a result of the mass spreading of these rumors, Kaspersky Labs considers it necessary once again to note that Bady poses no threat to home users. The current Internet-worm is capable only of infecting computers running Microsoft Windows 2000 and Microsoft Internet Information Server (IIS) with the Indexing Service switched on. This software configuration is used exclusively on special servers, and home computers and office workstations running any Windows version (including Windows 2000) are not exposed to the Bady attack.
Other confusing factors furthering the rise of virus hysteria were the predictions of a repeat of the July Bady epidemic. At that time (July), the worm infected more than 350,000 Web-servers around the world and conducted a massive DDoS attack on the US White House Web-site (www.whitehouse.gov), causing a temporary disruption in the site’s operation. As Kaspersky Labs announced on July 31, a repeat of the Bady epidemic did not occur, and, moreover, our technical support department did not note even one occurrence of infection by Bady.
Unfortunately, the groundless panic surrounding Code Red has distracted user attention from the actual danger caused by the continuing epidemic of the SirCam network worm. The level of infection by SirCam has already eclipsed that of “LoveLetter” and “Melissa” combined, and a decline in the number of infections caused by SirCam has yet to be seen. Unlike Bady, SirCam poses a threat to home users and corporate clients connected to the Internet. This worm distributes random files via e-mail without authorization, so that an infected computer could disclose sensitive documents and other confidential information to recipients from the address book. One of the reasons the SirCam epidemic has not weakened is the lack of attention paid to this real danger as a result of the uproar concerning Bady. Most of all, US government organizations have tried to avoid a repeat DDoS attack on the White House Web-site, which could have actually occurred had system administrators not successfully installed the special patch protecting the IIS system. However, as a result of the media’s reporting of the first Bady epidemic, the overwhelming majority of IIS servers had already had the protective patch installed.
Along with this, millions of average computer users have been left neglected. It would have been better to pay closer attention to thwarting SirCam rather than Bady, and as a result of this neglect, within the past two weeks, SirCam has seized the top spot as the most widespread malicious code, exceeding many times over the infections caused by other programs of the kind.
Neutralizing procedures for SirCam have been added to the Kaspersky Anti-Virus database as of July 17 of this year.