A worm bearing strong similarities to the sadmind virus, which hit over 9000 IIS websites back in May, has been doing the rounds, exploiting a vulnerability which is over a month old.
The worm exploits a known buffer overflow vulnerability - an ISAPI extension in the Index Server of Windows 2000 and XP beta - for which Microsoft released a patch in June that it believed had fixed the problem.
However, EEye Digital Security claims to have discovered the new variant which it calls 'Code Red' because "part of the worm is designed to deface web pages with the text 'Hacked by Chinese'".
Once the worm infects an IIS machine it produces 100 new threads, or copies of itself, which scan the internet looking for more IIS machines with the same vulnerability that it can then infect and turn into more agents. It is a trait shared by the sadmind worm.
Code Red also defaces the host website with the message: "Hello! Welcome to http://www.worm.com! Hacked by Chinese!".
EEye claims that one infected host received connection attempts from over five thousand IIS 5 web servers trying to exploit the vulnerability, indicating that thousands of web servers could be infected.
The Microsoft patch for the vulnerability is available here.
New technique could enable quantum computers to scale-up to millions of qubits
Systrom and Krieger taking time off "to explore our curiosity and creativity"
Comcast's £29.7bn winning bid more than twice the £13.7bn Rupert Murdoch valued Sky at just eight years ago
A nuclear strike has been considered, but Bruce Willis is nowhere in sight