Tracking down the creator of 'Code Red' is not an easy task

August 3, 2001

Marc Maiffret, "chief hacking officer" at eEye Digital Security, company that was one of the first to dissect the 'Code Red' worm, says its author will not be easy to track down.

The security expert has carefully examined two versions of the Code Red worm and said that he did not see the creators of the worm getting caught unless they go off and start bragging about it.

"The person who did this work, obviously, is a pretty smart person," said Maiffret.

Maiffret also said it's not even clear whether the person behind the fastest-spreading version of the 'Code Red' is the same person who created the original malicious program, designed to exploit a well-known security hole in Microsoft Windows-based Web servers.

The expert said that the real shocker is that hundreds of thousands of apparently vulnerable IIS servers have clearly not been patched. That, he said, leaves the door open for more attacks.

According to another experts the vast majority of infected servers are located in Asia.

"Right after 'Code Red' started up again on Aug. 1, most infected machines were in the U.S., but now between 75 and 80 percent are in Asia," said spokeswoman of Amsterdam-based Internet service provider XS4ALL Internet.

Usually most of the scans with any Internet worm come from Asia, as that is where the unpatched systems are. One of the explanations is that people in Asian countries don't let themselves be directed by press statements from the U.S. government and do not adequately follow the security recommendations given by the United States based companies. There is also a lack of information about 'Code Red' in Asia what leaves many servers of the region vulnerable.

'Code Red' tracking data can be found here:
http://www.digitalisland.net/codered