By early afternoon in the US yesterday, Code Red had infected servers responsible for at least 127,000 Web sites, according to the SANS Institute, a computer security think-tank. New infections were happening at the rate of more than 50,000 per hour, although the rate of growth had slowed markedly.
Network administrators and security experts originally braced for a slowdown shortly after 10am AEDT, Wednesday, when the worm was set to emerge from an inactive state and flood the Internet as it searched for new servers to infect.
Most Web sites were functioning normally yesterday, but security experts said there were new signs the worm was gathering speed. But exactly how many servers the worm will send itself to -- and therefore how fast it spreads -- was still being debated by security experts.
The Computer Emergency Response Team (CERT), an organisation that tracks security issues, said in a statement that it has "begun receiving reports of increasing Code Red scanning activity." CERT experts believe the worm is spreading exponentially.
The FBI's National Infrastructure Protection Centre (NIPC) also projected the worm will be spreading at a rapid clip.
"Based on our preliminary analysis, we expect to see the activity of this particular worm to compare to the July 19th infection," said Deborah Weierman, a spokeswoman for government's National Infrastructure Protection Centre. "At the time, it resulted in over 250,000 infections on systems. Today, we believe that should be achieved by this afternoon."
"Early reports of activity spanning the entire globe, including the United States, indicate that the worm has gone active and is presently spreading throughout the Internet," the FBI said in a statement. "We are hopeful that the many precautions taken by the public, the government and private industry will have some effect on its ability to propagate."
The Code Red worm -- named after a hyper-caffeinated, cherry-flavoured Mountain Dew drink popular with computer programmers -- infected servers around the world last month and launched a massive denial-of-service attack against the White House's Web site.
