It's Back: Code Red II Strikes 2It's Back: Code Red II Strikes 2

The most aggressive version of the Code Red worm to date struck this weekend. SecurityFocus' Attack Registry & Intelligence Service (ARIS) discovered rapid infections beginning late Saturday evening.

An analysis conducted by eEye Digital Security showed that while the worm uses the same method to infect servers running Microsoft's Internet Information Services software, this version packs a potentially more powerful wallop. This worm drops a Trojan program, which creates a "back door," or a way for the attacker to gain access to the infected server at a later date.

According to Elias Levy, chief technology officer of SecurityFocus, this version, Code Red II, has a much higher attack rate. While the original Code Red worm spawned 100 scanning threads, this version spawns 300 or 600, enabling it to locate potential servers to infect much more quickly.

Early estimates show the worm infected more than 135,000 systems over the weekend.

Experts say the companies that have patched their Microsoft 2000 and NT servers are safe from this threat.