Archive for Wednesday, August 1, 2001

‘Code Red’ hits 22,000 Web sites

Entire Internet could suffer, experts say

August 1, 2001


The viruslike "Code Red" worm began to take hold Wednesday, infecting at least 22,000 Web sites and spreading fears of an Internet-wide slowdown. But officials remained hopeful that enough computers were inoculated to avoid major interruptions.

The infection rate seems to be on par with the worm's first outbreak last month, said Alan Paller, research director at the SANS Institute, a computer security think tank working with the government to monitor the Internet. If it continues at its current rate, "We'll see some substantial effects as we did on (July) 19th."


Government officials said the July peak could be reached within the day. The worm has been seen worldwide.

"Based on preliminary analysis, we expect a level of worm activity comparable to the July 19 Code Red infection, which resulted in infection of over 250,000 systems," according to a joint statement from the FBI, White House and other agencies. "It should achieve that level of activity by this afternoon."

While the worm is spreading exponentially, the rate is still slightly declining each hour, prompting officials to be more optimistic that they got the word out in time.

Chad Dougherty, an Internet security analyst at the government-funded Computer Emergency Response Team, said: "It looks like there's a potential for a very large number of machines to be affected.

"We received a few reports of sites that indicated that they were experiencing some limited denial of service," Dougherty said, referring to a slowdown at those sites. He declined to identify the sites or say whether they were owned by the government or private companies.

Early analysis wondered whether the July slowdowns were due to a Baltimore train crash that damaged some fiber-optic lines, but now officials blame the incident on Code Red. Then, the worm had only a day to spread before it was programmed to go into an attack mode against the White House Web site. But now the worm has much more time to do damage.

The worm can spread quickly without human intervention, but does not affect most home computers.

The malicious program can only be stopped if enough Web site operators install Microsoft's software patch, which plugs the security hole the worm uses to attack. FBI officials continued to implore computer users to download the patch.

FBI officials said late Tuesday that over a million people had downloaded the patch from Microsoft, although it was impossible to guess how many computers have actually been fixed.

Experts' predictions ranged from the infection of a million or more computers and a massive Internet slowdown to little effect. The government took few chances, pressing to get as many Web site operators as possible to inoculate their systems before the attack.

Code Red is the most infamous computer worm since the first worm, created in 1988, which took down most of the fledgling Internet.

Experts worried that newly discovered versions of the worm can be reprogrammed to launch crippling attacks on any Web site.

Web site administrators running Microsoft Windows NT and 2000 operating systems, along with the Internet Information Services software, should download the patch from Microsoft's Web site. Users running Windows 95, 98 or Me are not vulnerable.
