Spacer Sidebar Directory Map

The Training Book, the handbook for trainers

The Technical Writer's Checklist

 

ITrain - International Association of Information Technology Trainers

Code Red Alert

New variant of the worm hits the net today

ITINFO Sponsor

Marketing On Chump Change

Isn't that music to your ears?
Why do most marketing programs cost an arm and a leg?
Quit throwing your hard earned money down a rat hole!

With FastTips Newsletters your clients rave about how smart you are for giving them so much free information.
Oh, and by the way, it won't cost you a fortune.

Click to Stop Wasting Money

Internet Poll
Have you attended a seminar via e-learning?
yes
no

poll archive

New Code Red Variant Attacks Microsoft Webservers

by Dave Murphy
ISSN 1535-3613

Dave Murphy, DGL President & ITrain founder Britain's Home Office (interior ministry) warned computer users on Sunday to beware of a new and potentially more dangerous variant of the Code Red worm. The new attacker exploits the same vulnerability that allowed earlier worms to infect servers, but also installed a Trojan Horse on infected systems, giving full remote control to computer hackers, officials said.

"Computer users may notice some localized disruption on the Internet, the precise scale of which is hard to predict." Britain's Home Office said in a statement. "Depending on how the Trojan Horse is exploited, far more serious disruption is possible. It could be used to attack the Internet infrastructure or to target specific sites."

Code Red infects computers that run Microsoft Windows NT or Windows 2000 and Microsoft IIS (Internet Information Server) web hosting software. An estimated 300,000 computers were infected since August 1, when the worm reactivated itself and started prowling the net looking for new victims.

The Systems Administration, Networking and Security Institute (SANS) said in an advisory on its website that the latest variant of the computer virus seemed to leave a "back door" in infected systems that made them easy for an intruder to infiltrate.

The Internet security website said the most obvious difference between previous variants of Code Red and the latest one was that webserver logs will record a GET request containing "XXXXXX" instead of the familiar "NNNNNN" of the first Code Red.

Dave's Opinion

Code Red first became a threat in mid-July, when the worm hit some 350,000 machines, including the official White House website.

The popular Linux operating system and Apache webserver aren't at risk for attack by the Code Red worm. The worm uses security holes in Microsoft's software to gain access to the system resources. Microsoft has posted patches that will plug the holes targeted by Code Red. Network administrators who are lax at applying the patches are leaving the back door wide open to their webserver and the files stored on other servers.

Call for Comments

What do you think? Leave your comments on the message center.

References

Microsoft
SANS
White House
Message Center

Subscribe to ITINFO.
Receive computing and Internet news & tips
by subscribing to the ITINFO information service.
Type your Internet email address in the form, and click "Subscribe."
Email Address:

Damar Group, Ltd. helps business use technology.

ITINFO is again accepting sponsors. Sponsor messages are included in ITINFO's email newsletter and are permanently posted to DGL's website and online reference areas.

ITINFO is an electronic publication of Damar Group, Ltd., publisher of Training Express computer learning guides. Comments and submissions to info@dgl.com.

Previous issues are on our website at http://dgl.com/itinfo/.

updated August 6, 2001
http://dgl.com/itinfo/2001/it010806.html

Return to DGL homepage
Copyright © 2001, Damar Group, Ltd., All Rights Reserved