A mutant version of the infamous CodeRed II worm has emerged in the wild, security experts have warned.
The minor variant of the original CodeRed.F differs in only two bytes of code from the original CodeRed II.
Mutant CodeRed II worm on the loose
CodeRed.F preys on vulnerable Microsoft IIS 4.0 and 5.0 web servers
vnunet.com, 13 Mar 2003
Advertisement
According to antivirus firm Symantec the functional and payload elements of the mutant are substantially the same as its predecessor.
CodeRed.F scans IP addresses for vulnerable Microsoft IIS 4.0 and 5.0 web servers and uses a buffer overflow vulnerability to infect the computers.
The worm then injects itself directly into memory, rather than copying itself as a file on the system.
In addition, CodeRed.F creates a file called Trojan.VirtualRoot which gives the hacker full remote access to the web server.
In order to protect against the worm, Symantec recommends taking the following action:
Users running Microsoft IIS Server should apply the latest Microsoft patch here.
A cumulative patch for IIS, including the four patches released to date, is available here.
In addition, the worm's Trojan.VirtualRoot payload takes advantage of a vulnerability in Windows 2000.
A Microsoft security patch to address this problem and stop the Trojan from re-infecting can be downloaded here.
Tags:
Further reading
Sun and Symantec gang up on intruders
Companies form partnership to produce high-end intrusion detection device
Code Red: internet on red alert
In the aftermath of the Code Red outbreak, experts suggested that the hysteria surrounding the worm may have been at least partly responsible for its failure to bring the internet to its knees. Although some reports were labelled as scaremongering, they may have prompted administrators to harden their servers against attack and ultimately stemmed the spread of the worm. But now a second variant of Code Red has appeared, it remains to be seen if the large number of still unpatched servers out there will help the worm spread further yet.
Code Red wriggles into version two
New variant of Code Red worm is more dangerous than its parent.
Related whitepapers
Related jobs
Most read stories
Most commented stories
Most watched
Summit: How businesses should manage their brands online
In part one of V3.co.uk's interview with Dirk Singer, he dicusses social media monitoring strategies
Analysis and Reports
Remote access - Three steps to getting connected
3.4 million UK professionals now work from home – is your company equipped?
Cost benefits of a global collaboration network
This white paper is a must read for organisations looking for evidence of the bottom-line benefits of high-definition video and voice communications
Advertisement
White paper library
Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.
Latest white papers
- The world of voice conferencing: A guide to creating the right environment
- The hidden financial and environmental costs of office printing
- Simplifying communications, serving citizens: unified communications in local government
- Storage choices for virtual server environments
- Global security threats trends - September 2009
Advertisement
Hiring now on ComputingCareers:
Advertisement
Spotlight
Summit: Quiz IBM experts on information strategies
Join our live chat session on Thursday at 11am to...
Researchers take down spam botnet
Researchers from security firm FireEye have been able to effectively...
Advertisements
Secondary navigation
Do you agree?
Have your say on this article