[Code Red is] enough to cause the meltdown of the internet

Russ Cooper Computer security specialist

The worm, which first surfaced in mid-July, has been mainly dormant since then, although it has already infected hundreds of thousands of systems.

Experts believe it is set to spread again on Tuesday night, just as the calendar enters August at 0000 GMT.

Investigators do not yet know who wrote Code Red or where it started, though the words "Hacked by Chinese" which appear for a few hours on infected machines raise a suspicion that this is another development in an ongoing Chinese-American war of hackers.

The FBI says it is working with experts in the United Kingdom, Australia and Canada to try to contain the worm's spread.

The Code Red program is called a worm because it can spread across networks and infect new machines without computer users having to do anything at all.

Search for source

Law enforcement officials have asked for the public's help in finding those responsible for the worm.

"If individuals have information about the people that have committed this crime, we ask them to come forward," said Mr Dick.

The Pentagon had to pull the plug on its public facing sites

Mr Dick also expressed concern that too many computer users thought of their systems as mere appliances, not recognizing that a computer needs "to be constantly monitored and maintained. It functions like a living organism".

He stressed the need for firms running Microsoft Windows NT and 2000 operating systems, along with the Internet Information Services software (IIS), to download Microsoft's security update.

"We should consider it a civic duty to ensure that if you are running IIS software, you have patched it," Mr Dick said.

Click here for links to Microsoft security downloads

Home users running Windows 95, 98 or Me are not vulnerable and machines running non-Microsoft operating systems will also be unaffected.

However, even if your own computer is unaffected, Code Red could seriously disrupt your access to the internet.

It is "enough to cause the meltdown of the Internet," said Russ Cooper of security services company TruSecure Corp.

White House web attack

Earlier this month, the White House changed the net address of its public facing websites following warnings that Code Red had infected many thousands of machines and was about to flood it with bogus data requests.

In Code Red's first search and infect wave that ended on 19 July, the Code Red program is thought to have installed itself on more than 250,000 machines.

Now, the Code Red program is about to launch a search for more machines to infect.

Experts fear the wave of scanning this will unleash could cause problems for net users.

Many anti-virus companies have now issued software that helps system administrators work out if they are vulnerable, and search for and purge the Code Red worm from their machines.

Already two variants of the Code Red worm have been found.