Computer virus attacks White House Web site


The White House Web site dodged an Internet bullet, using some technical sleight of hand to sidestep a computer virus dubbed “Code Red,” security experts said.

The virus has infected more than 225,000 computer systems around the world, defacing many Web sites with the message “Hacked By Chinese,” experts said. Despite the message, the origin of the virus is unknown.

The ultimate goal of the virus, known as a “worm,” is to gather strength by infecting more computers and then have them all attack a numerical Internet address that represents the White House Web site. The assault, which was set to go off Thursday night, is a denial of service attack, designed to hamper or shut down a computer system by flooding it with huge amounts of data.

The White House apparently shifted its Web site to a different numerical address to avoid the attack, said Stephen Trilling, director of research at Symantec Corp. of Cupertino, California, a computer security company.

White House spokeswoman Jeanie Mamo would say only that the White House had “taken preventative measures aimed at minimizing any impact from the computer virus known as the Code Red worm.”

The FBI’s National Infrastructure Protection Center issued a warning late Thursday, calling the virus a significant threat that could “degrade services running on the Internet.”

The CERT Coordination Center, the government-funded computer emergency response team at Carnegie Mellon University, said at least 225,000 computers were infected.

Code Red exploits a flaw discovered last month in Microsoft software used on Internet servers. While a software patch was made available to correct the flaw, not everyone has made use of it, Trilling said.

Specifically, vulnerable computers are those running the server software on Microsoft Windows NT 4.0 or Windows 2000.

Only computers set to use English as their language will have the Web pages they maintain defaced.

The flaw that the virus exploits was discovered by eEye Digital Security Inc., a computer security company based in Aliso Viejo, California.

In a statement, the company said its programmers had dubbed the virulent software the “Code Red” worm because they were drinking a kind of Mountain Dew soda with that name while they studied the virus. Another reason was because of the Web site vandalism claiming to be caused by Chinese hackers, the company said.

Since the virus targets servers, mostly used by businesses, few individual computer users were affected.

Computer security companies were posting advisories on how to deal with the virus late Thursday.