Code Red: Worm poised to strike again

A consortium of companies, institutions and government agencies warned organizations running Internet Information Services to protect their Windows NT and Windows 2000 systems against the Code Red Worm before Tuesday night.

The worm, which infected 250,000 systems within a few days of its emergence in mid-July, exploits a buffer overflow in Microsoft's Index Server 2.0.

While Microsoft issued a patch for that buffer overflow back in June, the number of machines affected indicated that patch was not widely deployed.

"Code Red is likely to start spreading again on July 31, 2001 8:00 PM EDT and has mutated so that it may be even more dangerous," according to the bulletin issued by Microsoft Corp., The National Infrastructure Protection Center, CERT Coordination Center, SANS Institute and four other organizations.

The worm's behavior of infecting systems and then using the systems' resources to scan the Internet for other vulnerable systems has the potential to decrease the speed of the Internet and cause outages.

The original Code Red was written to spend the first 19 days of the calendar month scanning for vulnerable systems. The worm was set to spend the next nine days in a denial-of-service attack against, although government IT officials redirected the Web site to avoid the attack.

The worm also defaced English-language Web sites of infected hosts with the message: "Welcome to! Hacked by Chinese!" Because the worm lived in memory, IT administrators can rid their machines of the current worm by rebooting. Protecting the system from re-infection requires the installation of Microsoft's patch.

The original Code Red worm apparently only defaced Web pages on affected systems, but the denial-of-service vulnerability could be used for more nefarious purposes if the hole is not patched because it gives an attacker complete control of the victim system.

Related Articles:
IIS Web Servers Hacked Over the Weekend (July 17)

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Get More Out of Your Outlook Inbox with TakeNote

    Brien comes across a handy, but imperfect, feature in Outlook that lets you annotate specific e-mails. Its provenance is something of a mystery, though.

  • Microsoft Resumes Rerelease of Windows 10 Version 1809

    Microsoft on Wednesday once more resumed its general rollout of the Windows 10 version 1809 upgrade, also known as the "October 2018 Update."

  • Microsoft Ups Its Windows 10 App Compatibility Assurances

    Microsoft gave assurances this week that organizations adopting Windows 10 likely won't face application compatibility issues.

  • SharePoint Online Users To Get 'Modern' UI Push in April

    Microsoft plans to alter some of the tenant-level blocking capabilities that may have been set up by organizations and deliver its so-called "modern" user interface (UI) to Lists and Libraries for SharePoint Online users, starting in April.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.