White House sidesteps Code Red worm

White House sidesteps Code Red worm

By GCN Staff

JULY 20'The White House Web site managed to sidestep a massive denial of service attack last week by moving to an alternate IP address that the Code Red worm could not find.

Code Red exploited a vulnerability in Microsoft's Internet Information Server software and spread rapidly in the last week to infect hundreds of thousands of Web servers. It was designed to pump large volumes of traffic from each compromised machine to www.whitehouse.gov over four hours beginning at 8 p.m. Thursday.

The White House was tight-lipped about the evasive maneuvers.

'We took protective measures aimed at minimizing any impact,' spokesman Jimmy Orr said.

With plenty of warning about the coming attack, the site's IP address was moved from to The worm code directed traffic to the former address. Legitimate traffic to the whitehouse.gov domain was redirected to the new address.

'We have been aware of Code Red for several days and have been in contact with several organizations,' said Marty Lindner, incident handling team leader at the CERT Coordination Center at Carnegie Mellon University.

'There is no silver bullet against denial of service attacks,' Lindner said. The best measure is to 'have a good understanding of your infrastructure and have good communications with your service provider.'

After the announcement of the Microsoft IIS vulnerability last month, a patch was released to correct it. Nevertheless, Code Red infected more than 200,000 unpatched servers, according to estimates by security experts. Its most significant trait was the ability to evade antivirus scans, said Steve Trilling, director of research at the Antivirus Research Center of Symantec Corp. of Cupertino, Calif.

'It runs completely in memory,' Trilling said. 'No program hits your disk.'

Despite its rapid spread, Code Red is not sophisticated, one system administrator said.

'This is a script-kiddie attack,' he said. 'It's not that intelligent.'

Still, 'Code Red is not gone,' Lindner said. 'It's going to be there for a while' and probably will continue to spread in variant forms.


  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/Shutterstock.com)

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.