Code Red Round 2: Infected Servers Piling Up

An organization monitoring the number of servers infected by the Code Red Worm was reporting Thursday afternoon that the total nearly rivaled all the servers infected in the worm's first round.

The SANS Internet Storm Center reported that 276,237 servers were infected Aug. 1. In its original July outbreak, the worm infected 280,391 hosts, according to the center.

The Code Red worm affects Internet Information Server/Services version 4.0 and 5.0 running on Windows NT and Windows 2000. Once a machine is infected, it spends the first 19 calendar days of the month scanning other machines for vulnerability to infection. The next nine days are dedicated to a denial-of-service attack against the White House Web site.

The worm emerged in mid-July but only ran wild for a few days or a week before its self-coded date for cutting off its port scanning activity. The vulnerability it relies upon in IIS was discovered and patched in June.

U.S. government agencies, security organizations and companies unleashed a massive education campaign in late July to try to get system administrators to patch their systems before the worm resurfaced at the beginning of this month. Some observers say many of the IIS systems infected in this most recent outbreak are located in Asia.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Azure Edge Zones Hit Preview

    Azure Edge Zones, a new edge computing technology from Microsoft designed to enable new scenarios for developers and partners, emerged as a preview release this week.

  • Microsoft Shifts 2020 Events To Be Online Only

    Microsoft is shifting its big events this year to be online only, including Ignite 2020.

  • Microsoft Browser Support for TLS 1.0 and 1.1 Ending 2H 2020

    Microsoft announced on Tuesday that its plans to drop support for Transport Layer Security (TLS) protocols 1.0 and 1.1 in its browsers will get delayed by a few months until the second half of this year.

  • Attackers Using Excel Read-Only Files To Obscure Malware

    Attackers can attempt to hide malicious payloads in Excel files sent by e-mail by using a standard Excel feature, according to a Tuesday post by Mimecast researchers.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.