Skip to main content /TECH with /TECH

New 'Code Red'-like worm detected

Home users running Windows 95, 98 or Me not vulnerable

Home users running Windows 95, 98 or Me not vulnerable

ATLANTA, Georgia (CNN) -- A new computer worm similar to "Code Red" is spreading, Internet security specialists reported late Sunday.

Although some assessments initially characterized the worm as a variant of the original Code Red, the Associated Press later reported that "Code Red II" -- or "CodeRed.C" or "Version 3," as Symantec termed it -- is not a variant of the original Code Red.

Symantec, one of the leading commercial computer security houses, said it had received reports of a high number of infected Web servers. "We are assessing CodeRed.C to be a high threat," it said.

And a Web site operated by the SANS (System Administration, Networking, and Security) Institute warned of a new worm similar to Code Red. The SANS "handlers," or threat-assessment technicians, began logging reports of the new worm on Saturday.

"Preliminary experiments indicate that the new worm installs a back door on infected servers," read the alert.

Critics want software makers, like Microsoft, to protect consumers from computer bugs. CNN's David George reports (August 1)

Play video
(QuickTime, Real or Windows Media)
MORE STORIES Why worms like 'Code Red' are good for you  
Message board: 'Code Red' worm  

"This makes the computer available to whoever wants to get in," Russ Cooper told The Associated Press. Cooper is surgeon general for TruSecure Corp., a computer security firm. "Anyone who finds one of these boxes can do anything they want to it. It won't affect machines that have already been patched," he said. "Anyone who took precautions against Code Red should be safe against Code Red II," or CodeRed.C in Symantec's terminology.

Symantec recommends that system administrators who haven't already installed a patch from Microsoft to protect computers from the new worm do so now.

A computer worm is a program that propagates and infects by copying itself onto other machines. This distinguishes it from a computer virus which cannot "deliver" itself but must be activated by a user's response to its arrival, usually in e-mail.

The Code Red worm affects only computers running Microsoft's Internet Information Services (IIS) software on Windows NT 4.0 or Windows 2000 operating systems. CodeRed.C or Code Red II is said to have the same limitations.

That software and those operating systems are primarily used by businesses, so home users running Windows 95, 98 or Me are not vulnerable. But those users' access to the Internet could be significantly slowed down by the worm because its massive propagation can create a virtual traffic jam online.

Business systems infected by the worm may see further degradation of performance and some system instability because of it, computer experts say.

When the Code Red worm made its debut last month, it swept through more than 250,000 computers in nine hours. In its attack phase, it forced the White House to take evasive action and prompted the Pentagon to take its public Web sites off-line temporarily. Code Red unleashed itself again last Tuesday, reopening its initial propagation phase.

• Riptech
• Microsoft Security Patch
• Code Red technical data
• National Infrastructure Protection Center
• Spread of the Code Red worm, (UC San Diego)

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


Back to the top