It's Back: Code Red II Strikes
Businesses that neglected to patch security holes in their Microsoft 2000 and NT servers last week are feeling the effects of the most aggressive version of the Code Red worm to date, which struck this weekend. SecurityFocus' Attack Registry & Intelligence Service (ARIS) discovered rapid infections beginning late Saturday evening.
An analysis conducted by eEye Digital Security showed that while the worm uses the same method to infect servers running Microsoft's Internet Information Services software, this version packs a potentially more powerful wallop. Code Red II drops a Trojan program, which creates a "back door," or a way for the attacker to gain access to the infected server at a later date. According to Elias Levy, chief technology officer of SecurityFocus, Code Red II has a much higher attack rate. While the original Code Red worm spawned 100 scanning threads, this version spawns 300 or 600 threads, letting it locate potential servers to infect much more quickly.
Experts say the companies that have patched their Microsoft 2000 and NT servers are safe from the worm, which infected more than 135,000 systems over the weekend, but even more should be done. "Patches are effective in terms of preventing infection, but system administrators still need to remove the file or back door by using antivirus software," says Stephen Trilling, director of research at the Symantec AntiVirus Research Center (SARC).
"The most common security break-ins are through known security holes," Trilling adds. When software manufacturers develop a patch for vulnerability in their software, "they announce it to their customers as well as to all the malicious people who want to take advantage of it," Trilling says.
Gartner research director John Pescatore says he's advising his clients to put intrusion prevention software on their IIS Web servers, which he considers to be "horrible from a security perspective." Pescatore also advises his clients to address security issues regularly instead of waiting for an attack to throw them into action. "Don't rely on 'we'll do better next time'," he says. "Leave your snow tires on the Web servers all year round, because hackers don't go by seasons."