White House sidesteps Code Red worm

White House sidesteps Code Red worm

By GCN Staff

JULY 20'The White House Web site managed to sidestep a massive denial of service attack last week by moving to an alternate IP address that the Code Red worm could not find.

Code Red exploited a vulnerability in Microsoft's Internet Information Server software and spread rapidly in the last week to infect hundreds of thousands of Web servers. It was designed to pump large volumes of traffic from each compromised machine to www.whitehouse.gov over four hours beginning at 8 p.m. Thursday.

The White House was tight-lipped about the evasive maneuvers.

'We took protective measures aimed at minimizing any impact,' spokesman Jimmy Orr said.

With plenty of warning about the coming attack, the site's IP address was moved from to The worm code directed traffic to the former address. Legitimate traffic to the whitehouse.gov domain was redirected to the new address.

'We have been aware of Code Red for several days and have been in contact with several organizations,' said Marty Lindner, incident handling team leader at the CERT Coordination Center at Carnegie Mellon University.

'There is no silver bullet against denial of service attacks,' Lindner said. The best measure is to 'have a good understanding of your infrastructure and have good communications with your service provider.'

After the announcement of the Microsoft IIS vulnerability last month, a patch was released to correct it. Nevertheless, Code Red infected more than 200,000 unpatched servers, according to estimates by security experts. Its most significant trait was the ability to evade antivirus scans, said Steve Trilling, director of research at the Antivirus Research Center of Symantec Corp. of Cupertino, Calif.

'It runs completely in memory,' Trilling said. 'No program hits your disk.'

Despite its rapid spread, Code Red is not sophisticated, one system administrator said.

'This is a script-kiddie attack,' he said. 'It's not that intelligent.'

Still, 'Code Red is not gone,' Lindner said. 'It's going to be there for a while' and probably will continue to spread in variant forms.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected