Code Red offshoot packs mild punch
Code Red.F, which differs from the original Code Red by only two bytes, began spreading Tuesday, according to reports from security software makers Symantec, McAfee and F-Secure. The new variant is detected by existing virus signatures for Code Red, according to the companies, and is blocked by patches for Microsoft's Internet Information Server (IIS), which most administrators installed before or during the original Code Red outbreak.
The original Code Red wreaked widespread havoc during the summer of 2001, infecting more than 350,000 Web servers running IIS. The infected servers were used to spread the worm and to launch a denial-of-service attack on the main Web site for the White House.
The first sequel to Code Red also caused widespread damage, but subsequent variations on the worm packed a minor punch, largely because the IIS hole the worm exploits had already been patched.
[ Read more ]
- Virus: IIS-Worm.CodeRed (a.k.a. "Code Red", "Bady") (4 May 2002)