Turning the CodeRedWorm into Profits

Michel de Rooij, 30, last week registered the www.coderedworm.com URL and is now redirecting the traffic to a porn site. In an email interview with InternetNews.com, de Rooij said that he got the idea after recently browsing the Google web directory. "I then found a party which was interested in short-term potential traffic, so I leased coderedworm.com to them," he wrote. The Code Red Worm is set to re-emerge from its slumber at 8 pm EDT tonight. It propagates rapidly by spawning 100 threads that scan the Internet for vulnerable servers and installing itself on those systems. As the worm multiplies and the scanning escalates, this so-called "denial of service" attack causes massive latency across the Internet. Microsoft and network security advocates have been sounding the alarm to patch up web servers ever since the worm first attacked in mid-July. On July 19, it infected 250,000 server computers running Microsoft's IIS 4.0 and 5.0 Web server software in about nine hours. Now, on the eve of its return, even the Feds have chimed in and every news organization from the hi-tech trade pubs to the mainstream TV news networks are covering the story like it's the second-coming of the Y2K bug. The publicity was too much for one Dutch native to pass up. According to the registar's WHOIS database listing, the Code Red Worm URL was registered on Thursday, July 26, and is set to expire in a year. In his filing, de Rooij directed emails to his Web site where a copy of his resume can be found. de Rooij certainly demonstrates the technical capabilities to comprehend the full impact of the worm. As a senior network engineer and Windows NT consultant, the Dutch native graduated from Higher School of Informatics (HIO) and is certified in Windows NT and Windows 2000.