CNN.com - Transcripts

Transcript Providers

Return to Transcripts main page

CNN Live At Daybreak

Thwarting the Code Red Worm Computer Virus

Aired July 31, 2001 - 07:53 ET

THIS IS A RUSH TRANSCRIPT. THIS COPY MAY NOT BE IN ITS FINAL FORM AND MAY BE UPDATED.

THIS IS A RUSH TRANSCRIPT. THIS COPY MAY NOT BE IN ITS FINAL FORM AND MAY BE UPDATED.
CAROL LIN, CNN ANCHOR: Taking a look at one of our top stories now, in-depth, we are looking at Code Red worm. Now, what exactly is going to happen today? According to the FBI, they're saying that this computer worm could attack as many as 250,000 computers in as little as nine hours. That's already the record that it set back on July 19. Obviously, a lot of businesses affected and obviously, people looking for solutions as they try to get into their files today.

So let's go to Christopher Faulkner. He is CEO of CI Host, a Web hosting company and someone who stands to lose a lot of money if the Code Red worm strikes. And then Ben Venzke is CEO of Tempest Publishing and it's intelligence group, IntelCenter. He specializes in anti-terrorism and cyberthreats.

First to you, Christopher and good morning to both of you. Exactly, what are you anticipating today? First, let me start here, what is a Web hosting company and what makes you so vulnerable to what the worm might do?

CHRISTOPHER FAULKNER, CEO, CI HOST: Well, what we do, Carol, is we host Web sites for about 105,000 different people around the country. We talk in a domain name like CI Host.com. You would connect to our network and retrieve those files and view the domain and all the content to that domain.

LIN: And so what are doing to protect yourself then?

FAULKNER: Well, it's -- the Code Red worm works in a couple of different of ways. And one of those ways is hard to protect against. There are so many computers out there that are vulnerable or actually were infected the last time on July 19, when the Code Red worm went around. But those machines are going to attack today and look for other vulnerable machines and/or attack even legitimate computers looking for a way to penetrate them and to infect them. So all those machines are going to hit the Internet with malicious traffic and possibly slow down the Internet and/or create conflict -- you couldn't receive your e-mail or access your Web sites, those sort of things.

LIN: Christopher, it sounds like you stand to lose a lot of money today as this thing hits.

FAULKNER: Well, our clients, the last time, requested refunds because of some down time incurred during the Code Red. But we do the best we can. And the fact that we have the best technology out there to prevent these sort of things sometimes doesn't even cure the issue. When there's so much malicious traffic out there, networks just really can't run during these kinds of slowdowns.

LIN: So Ben, what is it that can -- people do to protect themselves?

BEN VENZKE, CEO, INTELCENTER: Well, the key here with Code Red and many of these worms that we see is that the ability to patch it, to be able to fix your computer so it can't be infected and to clear it if it already has, is it's relatively simple when you're talking about one computer and if you know that it's a problem and you know where to get the patch. But it requires you to be aware of it, which is why we've seen such an effort by the FBI and others to announce this. And it requires you to take the initiative, to go out and patch your computers, which can be a little more tricky when you're talking about corporate systems where you're talking about tens of thousands of machines.

But if you're running a Web server, you want to go the Microsoft Web page, download the patch and install the patch. But then even after you install it, you want to make sure that you're rebooting the machines so that if it's already been infected, it'll clear it and then it'll be protected from getting infected again.

LIN: Christopher, as you've taken a look at this problem, what advice do you have for business people like yourselves who are waking up today, trying to figure out what they should do first or how to get the patch etcetera?

FAULKNER: Well, I think they should take the worm very seriously. And I think they should take each server that they have on their network -- if they've got four, they've got 4,000 -- and then you'd make sure each machine is patched. I believe the worm defaces sometimes the Web page or it puts "Attacked By The Chinese." But we've seen various other different modifications made to the worm that doesn't modify the Web page. So a lot of people don't even know they have an infected machine.

I think that even if you think your machines are protected, Microsoft is giving out a free software that lets you scan your network and verify each machine has been patched properly and that it cannot be reinfected. And I think the key to ending this whole thing is to ensure that every network and every computer around the world, that we team up as a team and work together and patch every machine. If 1,000 machines are left...

LIN: Easier said than done.

FAULKNER: Right.

LIN: Easier said than done at this point.

FAULKNER: It is.

LIN: So Ben, we're hearing that the FBI is saying look, this worm may strike at 8:00 tonight. How do they know that it's going to strike and what sort of progression can people see or watch for throughout this day to see if in fact, it is going to strike in mass?

VENZKE: Well, it's interesting. Even if you have a home computer, if you have a fire wall installed on it and are connected to a DSL or a cable modem, you might see some traffic from this worm. Basically, the reason that we know that there's this 8:00 time period tonight where it will begin to propagate again is the worm has a life cycle. For the first 20 days of the month, it will continue to spread itself to infect additional computers around the world. On the 21st through the 28th, it attempts to launch a denial of service attack against what was once the White House Web site, but which is now immune to the attack. And then for the last few days, if there's more than 28 days in a month, it goes to sleep until the first and then restarts again.

So what we're seeing is we're going into that period where it's going to begin doing massive scanning of the Internet, looking for computers that are vulnerable. So, if you're connected to the Internet and it happens to choose your address, you could see the worm trying to get into your computer. But fortunately, for most home users, they're not vulnerable to it. So other than generating some requests in a log file, it won't really mean anything.

LIN: Right. More of an inconvenience to individual users but a big problem potentially for business.

VENZKE: Exactly.

LIN: All right, thank you very much Ben Venzke, Christopher Faulkner. Good luck today. We're going to have continuing coverage throughout the day on this worm and what it is doing or not doing.

TO ORDER A VIDEO OF THIS TRANSCRIPT, PLEASE CALL 800-CNN-NEWS OR USE OUR SECURE ONLINE ORDER FORM LOCATED AT www.fdch.com