Mutant CodeRed II worm on the loose

CodeRed.F preys on vulnerable Microsoft IIS 4.0 and 5.0 web servers

Robert Jaques

vnunet.com, 13 Mar 2003

A mutant version of the infamous CodeRed II worm has emerged in the wild, security experts have warned.

The minor variant of the original CodeRed.F differs in only two bytes of code from the original CodeRed II.

Advertisement

According to antivirus firm Symantec the functional and payload elements of the mutant are substantially the same as its predecessor.

CodeRed.F scans IP addresses for vulnerable Microsoft IIS 4.0 and 5.0 web servers and uses a buffer overflow vulnerability to infect the computers.

The worm then injects itself directly into memory, rather than copying itself as a file on the system.

In addition, CodeRed.F creates a file called Trojan.VirtualRoot which gives the hacker full remote access to the web server.

In order to protect against the worm, Symantec recommends taking the following action:

Users running Microsoft IIS Server should apply the latest Microsoft patch here.

A cumulative patch for IIS, including the four patches released to date, is available here.

In addition, the worm's Trojan.VirtualRoot payload takes advantage of a vulnerability in Windows 2000.

A Microsoft security patch to address this problem and stop the Trojan from re-infecting can be downloaded here.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Have your say on this article

Further reading

Sun and Symantec gang up on intruders

Companies form partnership to produce high-end intrusion detection device

FBI checks out Code Red suspects

Warnings of second Code Red variant

Code Red: internet on red alert

In the aftermath of the Code Red outbreak, experts suggested that the hysteria surrounding the worm may have been at least partly responsible for its failure to bring the internet to its knees. Although some reports were labelled as scaremongering, they may have prompted administrators to harden their servers against attack and ultimately stemmed the spread of the worm. But now a second variant of Code Red has appeared, it remains to be seen if the large number of still unpatched servers out there will help the worm spread further yet.

Code Red wriggles into version two

New variant of Code Red worm is more dangerous than its parent.

Related whitepapers

Related jobs

Most watched

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

Xperia X1

Video Review: Sony Ericsson Xperia X1

First Looks Editor Ian Williams gets hands on with the Sony Ericsson Xperia X1

More video

IT white papers

Search white papers

Top categories

Poll

Poll: Summer smartphones

Poll: Summer smartphones

Which smartphone will you be taking to the beach this summer?

View poll results

Advertisement

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

  • More available - 'submit' to view

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Spotlight

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

old computer

Government honours veterans of Bletchley Park at last

Surviving veterans of the code-breaking facility to receive badge of...

Motorola MC55 Enterprise Digital Assistant

Review: Motorola MC55 Enterprise Digital Assistant

A rugged Windows Mobile device for mobile workers

BT

BT promises 1.5m fibre connections by summer 2010

Telco begins major rollout in 69 locations across the UK

Primary Navigation