
Code Red wriggles into version two

by James Middleton

06 Aug 2001


The internet was hit by a new variant of the Code Red worm over the weekend, which this time round gives full control of the infected machine to an attacker.

Although there is some dispute over whether this is the second or third variant of the worm, one thing the experts do agree on is that its payload is more destructive this second time around.

The Home Office has jumped on the bandwagon and issued a warning about the "more dangerous" variant of the worm.

The Government's Unified Incident Reporting and Alert Scheme (UNIRAS) said that serious disruption is possible if hackers exploit their control of the infected computer systems to attack the internet's structure or to target specific sites.

However, the Home Office release was less hysterical than the original warning from the US government and the FBI.

UNIRAS acknowledged that the spread of the worm was "unlikely to significantly affect the whole internet infrastructure."

Analysis of the latest Code Red variant has revealed that it uses the same injection vector as the original worm, and also attempts to propagate to other Windows 2000 and NT 4 servers.

However, once the worm has infected a machine, it will also drop a Trojan horse, which installs a backdoor into explorer.exe, allowing a remote attacker to access and control the machine.

This means that unlike the first variant of Code Red, which could be removed by rebooting the computer, the Trojan will be loaded each time the machine is switched on.

Ian Hameroff, business manager of security solutions at Computer Associates, said: "What we're seeing is the development of a trend whereby a successful malware attack such as Code Red often resurfaces in new forms, building on the capabilities of the previous attack."

He said that "administrators should continue to stay abreast of the vulnerabilities that may affect critical computing assets."

But despite the new tricks used by the worm, this variant of Code Red can still be defended against by installing the original patch, available from the Microsoft web site.
