

CNN Access

Expert Ben Venzke on the "Code Red" worm



Ben Venzke is the CEO of Tempest Publishing, an intelligence company specializing in terrorism, national security issues and cyber threats. He is the founder of Intelligence Watch Report, which provides daily information about terrorism and other threats around the world. Venzke joined the CNN.com chat room to discuss the "Code Red" worm.

CNN: What types of computers are affected by "Code Red?"

VENZKE: In general, systems running Windows 2000 or NT that have IIS installed. There are also some cases where Cisco routers and some other hardware can be impacted.

CHAT PARTICIPANT: Why are some experts talking about the possibility of the worm mutating and what exactly does that mean?

VENZKE: Typically when a worm or virus is released in the wild, you will quickly begin to see variations released. This may be written by the original author or others and bear similarities to the original worm/virus but frequently contain new features and can be more difficult to detect. There are at least three variations of Code Red currently in the wild.

CHAT PARTICIPANT: Is there a risk to my home computer that I use to read e-mail from work using Outlook 2000?

VENZKE: As long as you don't have IIS running on it as a web server, which would not be common. Your computer may be scanned by the worm to see if it has IIS on it but there will be no visible negative impact. Essentially, you're safe.

CHAT PARTICIPANT: Didn't IIS come out with a fix for this?

VENZKE: Microsoft released a patch back on June 18 but many companies had not installed it in time.

CHAT PARTICIPANT: Is the origin of the virus known for sure?

VENZKE: No one really has any clue and it's very possible that we may never know. The speed with which it spread will make it very difficult to track.

CHAT PARTICIPANT: Don't you think since just about the entire world knows about this virus that nobody will open it when it spreads again?

VENZKE: Unfortunately, this does not work like LoveLetter or other similar worms where you would have to open a message. Code Red can almost silently spread itself from computer to computer without any human interaction. There is also little sign that you have been infected afterwards unless you run a special scanner.

CHAT PARTICIPANT: Aren't these worm connections generally trashed by the firewalls installed?

VENZKE: If you have a firewall up and are not running a server, yes. The problem is if you are hosting a web site, which is exactly what IIS would be used for. In that case you're going to have port 80 open so people can see your site. This is the same port that Code Red will attack through.

CHAT PARTICIPANT: What precautions should be taken to avoid the virus?

VENZKE: Users of IIS 4.0 or 5.0 that are running Windows 2000 or NT need to install the patch and then reboot their systems. It is important to reboot after installing the patch to clear Code Red from memory.

CHAT PARTICIPANT: What IP addresses is this virus supposed to bomb? Just that of the White House?

VENZKE: Currently it is just the numeric IP address of what was the White House site; the site has since moved, but Code Red hasn't changed its target. It is feasible that someone releases a new variation with a different target, however.

CHAT PARTICIPANT: Is this going to happen on the first of every month until everyone takes the necessary measures to stop this worm?

VENZKE: It would appear so, unfortunately, although the numbers should drop significantly so that it becomes more in line with a nuisance rather than a serious security threat.

CNN: How much do businesses stand to lose from this attack?

VENZKE: It's really hard to say at this point. If it manages to crash an e-commerce site or interrupt a company's critical business areas the costs could go quite high.

CHAT PARTICIPANT: Will this virus truly create a lot of damage, or will it be a hoax like the Y2K bug?

VENZKE: From the activity we saw around July 19 this is clearly not a hoax. It remains to be seen how serious the impact is during the second round. In all likelihood it won't be anywhere near what the doomsayers are predicting but more than what the people who are brushing it off predict; somewhere in the middle. We'll have to wait and see but there is potential for some significant impacts.

CHAT PARTICIPANT: How long does it take for worm viruses to be discovered?

VENZKE: It depends for the most part on vigilant system administrators who spot irregular activity and then begin to share data with their colleagues over 24-72 non-stop work stretches to get to the bottom of what is going on. For a rapidly spreading worm, not that long. It is through this process that Code Red actually got its name. The team at eEye Digital Security spent all night up drinking the Code Red soft drink so they named the worm after it.

CHAT PARTICIPANT: Can we tell if we have Code Red on our computers now?

VENZKE: A number of the antivirus sites, such as Symantec, have scanners available. Your best step, however, if you are running a computer that is vulnerable is to install the patch and then reboot your machine. This will clear any Code Red infection and make sure you are secure when you come back online.

CNN: Do you have any final thoughts to share with us today?

VENZKE: As time goes on we are going to continue to see an ever-growing number of worms and viruses impacting computers. It's not a reason to panic or forecast the end of the Internet. It is a clear sign that we need to continue to adopt the same kind of security habits we use in the physical world in cyberspace.

CNN: Thank you for joining us today.

VENZKE: Thank you. Goodbye.

Ben Venzke is joining the chat from Washington DC and is typing for himself

Ben Venzke joined the chat room via telephone from Washington, DC and CNN.com provided a typist. The above is an edited transcript of the interview on Tuesday, July 31, 2001 at 2 p.m. EDT.






RELATED SITES:
• Microsoft Security Patch
• Tempest Publishing
• Code Red technical data
• National Infrastructure Protection Center
• Spread of the Code Red worm, July 19-20 (UC San Diego)
