RealTime IT News

Turning the CodeRedWorm into Profits

While the Federal Bureau of Investigation and network security advocates are busy mobilizing IT managers around the country for the upcoming outbreak of the Code Red Worm, one resourceful Web site operator from the Utrecht in the Netherlands stands to make a hefty bounty.

Michel de Rooij, 30, last week registered the www.coderedworm.com URL and is now redirecting the traffic to a porn site.

In an email interview with InternetNews.com, de Rooij said that he got the idea after recently browsing the Google web directory.

"I then found a party which was interested in short-term potential traffic, so I leased coderedworm.com to them," he wrote.

Publicity too much to pass up
The Code Red Worm is set to re-emerge from its slumber at 8 pm EDT tonight. It propagates rapidly by spawning 100 threads that scan the Internet for vulnerable servers and installing itself on those systems. As the worm multiplies and the scanning escalates, this so-called "denial of service" attack causes massive latency across the Internet.

Microsoft and network security advocates have been sounding the alarm to patch up web servers ever since the worm first attacked in mid-July. On July 19, it infected 250,000 server computers running Microsoft's IIS 4.0 and 5.0 Web server software in about nine hours.

Now, on the eve of its return, even the Feds have chimed in and every news organization from the hi-tech trade pubs to the mainstream TV news networks are covering the story like it's the second-coming of the Y2K bug. The publicity was too much for one Dutch native to pass up.

"By then 'Code Red Worm' got a lot of media attention ... so I looked if www.coderedworm.com was available. Much to my surprise, it was so I immediately registered it," de Rooij said in his email.

According to the registar's WHOIS database listing, the Code Red Worm URL was registered on Thursday, July 26, and is set to expire in a year. In his filing, de Rooij directed emails to his Web site where a copy of his resume can be found.

de Rooij certainly demonstrates the technical capabilities to comprehend the full impact of the worm. As a senior network engineer and Windows NT consultant, the Dutch native graduated from Higher School of Informatics (HIO) and is certified in Windows NT and Windows 2000.

However, while familiar with the worm's impact, de Rooij said he didn't know about its origins. The worm defaces English-language Web sites with a page that reads: "Hello! Welcome to http://www.worm.com! Hacked By Chinese!" According to Reuters, Chinese officials have tried to distance themselves from the worm saying it was probably not made in China.

While de Rooij doesn't own the www.worm.com URL, he does owns other domains such as BillFirm.com, XPSec.com, OnlineTune.com and DrugsAdvisory.com, which he sometimes offers for lease on Afternic.com.

"I have little or no time building the site I had in mind for those URLs," he said.