FBI accused over Code Red virus confusion

UK police say misleading warnings from the FBI led home PC owners to believe that their computers could be infected by the server worm
Written by Wendy McAuliffe, Contributor

The Metropolitan Police has criticised the FBI for issuing confused messages about the Code Red worm, which led home PC owners to believe that their computers could be infected by a self-propagating worm that only attacks Internet servers.

Last night the FBI was on red alert for an Internet meltdown, due to begin at 1am BST once the malicious worm became active again.

As the Metropolitan Police's Computer Crime Unit points out, over-hyped warnings by the FBI have failed to acknowledge that only unpatched servers using versions of Microsoft's Internet Information Server (IIS) would be vulnerable to re-infection. "Code Red cannot affect a machine unless it has a Web server installed, which is very unlikely as this does not happen by default," said DC Andy Cox of the Metropolitan Police.

The confusion has caused panic amongst some ZDNet News readers. Questions such as "how do we protect our PCs from this new virus attack?" and "should I shutdown my system Tuesday night?" have bombarded the mailroom in the last couple of days.

Graham Cluley, a senior technology consultant at anti-virus firm Sophos, agreed that FBI warnings should have clearly stated that Code Red cannot affect home PCs, and accused the organisation of imitating a "John Grisham novel".

"It's good news that the Internet didn't melt down, but the danger is that because the FBI issued such hyperbolic warnings with the suggestion that this has cost billions of dollars already, the average person will remember that nothing happened, and not take the next warning seriously," said Cluley.

The Metropolitan Police has confirmed that contrary to widespread warnings, "nothing has happened" since 1am BST. The time-sensitive worm, which replicates between Windows 2000 servers, and exploits the so-called Microsoft Index Server flaw, is programmed to re-propagate itself on the first of each month, and so will no longer be lying dormant in previously infected machines. For British anti-virus firms a sleepless night was unnecessary -- reports confirm that few systems have been compromised this time round.

Is your PC safe? Find out in ZDNet UK's Viruses and Hacking News Section.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.

Editorial standards