Home Office statement on 'Code Red' worm

August 2, 2001

Home Office statement on ‘Code Red’ worm

The following is the complete statement by the UK Government Home Office on the impact of the Code Red worm in the UK – the statement is accompanied by briefing notes

Early indications are that the impact of the Code Red worm appears to have been minimal. Fears that the worm would have a potentially devastating effect on the Internet seem to have been unfounded. Monitoring showed that the worm started its scanning routine as forecast but there was no discernible impact on the infrastructure of the Internet.

In the UK levels of activity by the worm were very slight and the Internet in the UK remains robust and safe to use. This does not mean that system owners can be complacent and system administrators should ensure that their systems are adequately protected from Code Red by installing the freely available patch from Microsoft.

It is possible that the publicity given to the vulnerabilities of the Microsoft Internet Information Server (IIS) and the availability of the patch will have helped to reduce the effects of the worm as system administrators applied the patch and fewer servers became vulnerable to attack.

Code Red worm in its current format is technically no longer a danger in that its existence is known about and there are safeguards against infection available. The threat now comes from variants of the worm, which may behave in a very different way and, initially at least, be undetectable. The Government advises all systems administrators to keep themselves informed about new threats and the remedies that are available, and to apply them at the earliest opportunity in order to protect their systems.

UNIRAS, which is part of the NISCC, sent three Briefing Notices and an Alert (19,20,27 and 30 July) to bring the threat from Code Red to the attention of Central Government, CNI (Critical National Infrastructure) companies and their business partners. These were also posted on the UNIRAS website at http://www.uniras.gov.uk.

The NISCC will continue to monitor the situation in conjunction with its technical contacts and partners both in the UK and internationally over the coming days. The behaviour of Internet worms and viruses are difficult to predict and warnings about their impact have to be carefully considered to ensure that an appropriate response is made to the perceived threat. The NISCC assessed that the threat from Code Red was not likely to have a significant impact on UK systems and our detailed warnings were made suitably available on the UNIRAS website.

Notes

1. The establishment of the National Infrastructure Security Co-ordination Centre (NISCC) was announced by the Home Secretary to Parliament on 20 December 1999. Its role as an inter-departmental organisation is to co-ordinate and develop existing work within Government departments and agencies and organisations in the private sector to defend the Critical National Infrastructure against electronic attack. See http://www.niscc.gov.uk

2. The Unified Incident Reporting and Alert Scheme (UNIRAS) is run by the NISCC and its role includes receiving reports of significant electronic attack incidents, threats, new vulnerabilities and countermeasures from its customer base and other commercial, Governmental and international sources. It then validates, anonymises (where appropriate) and disseminates the information back to its customers through email alerts and briefings. These are also available on the UNIRAS website. See http://www.uniras.gov.uk