Code Red means there's a framework for a worm out there right now that has proven its effectiveness to spread. All [virus writers] need is a new vulnerability.

Simple. A new vulnerability came out. The number of IIS 4 servers out there is a lot less than the number of IIS 5 servers. So when the IIS 5 vulnerability was announced, it made sense for the author to adapt his worm for that. People assumed it was a new exploit and it was not.

I hope they understand the severity of (of the violations). This is a very dangerous situation they are in.

By then, we had already seen the worm about four times and we knew which five IP addresses it was going to go after first. By Sunday morning we were seeing 3200 attacks an hour from machines trying to run the exploit on our box. That's a lot of attacks.

Each time it happened we gave a heads-up to CIAC and the FBI. We never heard anything back. We just make the reports; what they do with the info after that is up to them.