CNET también está disponible en español.

Ir a español

Don't show this again

Christmas Gift Guide
Tech Industry

Code Red: Can you spell S-O-P-O-R-I-F-I-C?

CNET's Dave Becker explains how "The great worm attack of 2001" morphed from a relatively minor IT problem into a general panic.

In the annals of media events gone awry, Monday's call to arms against the Code Red worm may well come to rank with Bill Clinton's Monica mea culpa or the Windows 98 demonstration in which Bill Gates' spiel was interrupted by the ol' Blue Screen of Death.

After years of reacting to computer security threats with responses ranging from silence to vague indifference, the government went full-bore. Led by the FBI's newly formed National Infrastructure Protection Center, government and business leaders call on the global community to mobilize against a threat poised to squish the life out of the Internet.

The outcome had to be gratifying to the organizers, to say the least. Business leaders, IT pros and average citizens scrambled to download Microsoft's software patch, whether they needed it or not, and stayed glued to news outlets for reports on the progress of the insidious threat.

Too bad that Code Red meant precisely zip to most of them.

As opposed to mass-mailing worms such as SirCam and Love Letter, Code Red is a highly targeted little critter, searching out only Windows NT and Windows 2000 systems running Microsoft's Internet Information Server (IIS) Web server software.

That aspect of the worm was included in just about all media accounts--somewhere below the "man the lifeboats" verbiage--but when did information ever get in the way of a good panic? Ordinary PC users--from one reader's 78-year-old grandmother, who wouldn't get near her nice, new PC anymore, to the spouses of some CNET News.com staffers--were scared out of their skins, convinced some creeping crud was going to leak in over their phone or broadband lines. We received dozens of letters from people seeking information on how to download or install the patch on computers with unaffected operating systems, from people who've probably never seen a Web server.

The biggest actual danger for rank-and-file PC users is that, if Code Red takes off on an even bigger tear than its original incarnation, parts of the Internet might become slow or unresponsive. Delays in buying used clothes on eBay! Hindered access to copyright-violating music files! Oh, the horror, the horror!

Given that the only folks who had to do anything about the virus were a select and identifiable group of IT professionals, you have to wonder if government and business watchdogs couldn't have chosen a more targeted method for getting the "Please patch" message out. Periodic announcements during "Star Trek: Deep Space Nine" reruns, perhaps. Or get those geniuses at X-10 to design pop-ads that would plague every Slashdot reader.

There are a number of good theories as to why Code Red garnered disproportionate attention, beginning with the name itself. Code Red, as the Pepsi marketing pros who chose it for the newest belly-wash realized, is a solid, attention-getting name with a fair sense of urgency. Compare that with the monikers of other worms that have threatened serious damage. Hard to imagine headlines screaming "Internet at risk from Cheese attack."

The media has also taken its lumps for not understanding the true nature of the worm. Remembering all those reports on the dire shortage of "Cobalt" programmers during the Y2K buildup, it's not hard to believe that the press deserves a little egg on its face.

But most fingers have been pointed at the FBI, which may have felt the need for some attention and validation for its new get-tough-on-cybercrime approach. From that standpoint, it's hard to see Code Red as anything but a success. The percentage of citizens who recognize there is such a body as the National Infrastructure Protection Center has no doubt increased geometrically--maybe even exponentially--in the past few days. When the next big tech scare comes, like the massive solar flare that could wipe out communications networks any minute, we'll know where to turn for sober, clear-minded analysis and protection.

And who's to say that a little panic won't help our new data centurions in their quest? Look what the "War of the Worlds" radio broadcast did for Orson Welles' career.