Click for Philadelphia, Pennsylvania Forecast


Code Red Alert: Preventing a Computer Worm

The Code Red worm infected a number of Microsoft Windows systems at Penn this summer. As people return this fall we expect a resurgence. Code Red I uses your system to attack other computers. A later variant, Code Red II, creates "back doors" on your system, allowing anyone to view your passwords and read or delete your files. Code Red II is extremely difficult to remove, requiring that you re-install Windows. A worm is unlike computer viruses, which require some action to spread. For example, a virus spreads when you click on an infected e-mail attachment. Worms spread by themselves.

Code Red is preventable. Information Systems and Computing (ISC) reminds everyone at Penn to protect their system by following these steps:

  1. Determine if your system is vulnerable. All PCs running Windows NT (Server & Workstation) and Windows 2000 (Server & Professional) are vulnerable. PCs running Windows 95, Windows 98, Windows Millennium Edition or UNIX/Linux cannot be infected by either Code Red version. Macintosh and UNIX systems cannot be infected.
  2. Apply the patch.To protect your system from Code Red, you must install patches using instructions at:
    Windows 2000 users must first install Windows 2000 Service Pack 2 before installing the above patches. To install Service Pack 2, choose "Windows Update" from the Start Menu, and follow the link for Service Pack 2.
  3. Find out if your system has been infected. Norton Anti Virus (NAV) will not prevent infection (you need the patch for that), nor will it detect Code Red I. But it will detect Code Red II. Install NAV and then run a full scan. To install and configure NAV, see: Also, if your system has been infected by Code Red II, you will find a file called C:\Inetpub\scripts\root.exe on your hard drive. (If you have drives other than C:, you should check them as well).
  4. Clean your computer if it has been infected. To clean infected computers, follow the instructions at:


NOTE: Infected machines must be reformatted and reloaded with original software to remove the worm.

Network Disconnection: ISC will disable PennNet network ports for any machines infected with Code Red.

Computing Assistance

Students in College Houses: Contact your information technology advisor (ITA). See

Students living off-campus, in Sansom East and West, and in the Greek houses: Contact First Call (215) 573-4778 or visit the Computing Resource Center (CRC), M-F from 1-4:30 p.m., at Suite 202 Sansom Place West.

Faculty and staff: Contact your local support provider (LSP). If you don*t know who your local support provider is, consult

--Dave Millar, University Information Security Officer, Data Administration

Almanac, Vol. 48, No. 3, September 11, 2001


September 11, 2001
Volume 48 Number 3

Dr. Afaf Meleis--a prominent medical sociologist and specialist in women's health issues--will become the Dean of the School of Nursing in January.
Dr. Richard Gelles--a leading researcher in the study of family violence has been named Interim Dean of the School of Social Work.
Lucy Momjian is now Associate Vice President for Finance and Treasury Management.
Jack Shannon is named Associate Vice President in the Office of the Executive Vice President.
Dr. Battistini, director of Penn Health for Women, dies in a motor vehicle accident.
Convocation 2001: President Judith Rodin and Provost Robert Barchi welcome the Class of 2005.
Council Year-end Committee Reports: Admissions and Financial Aid as well as Recreation and Intercollegiate Athletics are both on the agenda of this week's Council Meeting.
Penn moves up in the latest U.S. News rankings of the nation's best universities to its highest ever ranking.
A noisy night in the neighborhood prompted a Speaking Out letter and two responses.
Code Red Alert: Preventing a computer worm is possible with these steps.
The Models of Excellence program wants nominations to recognize staff achievements from the previous academic year.