White House sidesteps Code Red worm

White House sidesteps Code Red worm

By GCN Staff

JULY 20'The White House Web site managed to sidestep a massive denial of service attack last week by moving to an alternate IP address that the Code Red worm could not find.

Code Red exploited a vulnerability in Microsoft's Internet Information Server software and spread rapidly in the last week to infect hundreds of thousands of Web servers. It was designed to pump large volumes of traffic from each compromised machine to www.whitehouse.gov over four hours beginning at 8 p.m. Thursday.

The White House was tight-lipped about the evasive maneuvers.

'We took protective measures aimed at minimizing any impact,' spokesman Jimmy Orr said.

With plenty of warning about the coming attack, the site's IP address was moved from to The worm code directed traffic to the former address. Legitimate traffic to the whitehouse.gov domain was redirected to the new address.

'We have been aware of Code Red for several days and have been in contact with several organizations,' said Marty Lindner, incident handling team leader at the CERT Coordination Center at Carnegie Mellon University.

'There is no silver bullet against denial of service attacks,' Lindner said. The best measure is to 'have a good understanding of your infrastructure and have good communications with your service provider.'

After the announcement of the Microsoft IIS vulnerability last month, a patch was released to correct it. Nevertheless, Code Red infected more than 200,000 unpatched servers, according to estimates by security experts. Its most significant trait was the ability to evade antivirus scans, said Steve Trilling, director of research at the Antivirus Research Center of Symantec Corp. of Cupertino, Calif.

'It runs completely in memory,' Trilling said. 'No program hits your disk.'

Despite its rapid spread, Code Red is not sophisticated, one system administrator said.

'This is a script-kiddie attack,' he said. 'It's not that intelligent.'

Still, 'Code Red is not gone,' Lindner said. 'It's going to be there for a while' and probably will continue to spread in variant forms.


  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected