A worm bearing strong similarities to the sadmind virus, which hit over 9000 IIS websites back in May, has been doing the rounds, exploiting a vulnerability which is over a month old.
The worm exploits a known buffer overflow vulnerability - an ISAPI extension in the Index Server of Windows 2000 and XP beta - for which Microsoft released a patch in June that it believed had fixed the problem.
However, EEye Digital Security claims to have discovered the new variant which it calls 'Code Red' because "part of the worm is designed to deface web pages with the text 'Hacked by Chinese'".
Once the worm infects an IIS machine it produces 100 new threads, or copies of itself, which scan the internet looking for more IIS machines with the same vulnerability that it can then infect and turn into more agents. It is a trait shared by the sadmind worm.
Code Red also defaces the host website with the message: "Hello! Welcome to http://www.worm.com! Hacked by Chinese!".
EEye claims that one infected host received connection attempts from over five thousand IIS 5 web servers trying to exploit the vulnerability, indicating that thousands of web servers could be infected.
The Microsoft patch for the vulnerability is available here.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago