ITrain Homepage

Site Directory
Membership
Train-the-Trainer
Trainer Certification
Certified Training Materials
ITinfo E-zine
Responsible Training
White Papers
Trainer Resources
What's New
Speaking Engagements
Onsite Training
ITrain Gear



Popular Links
Speaking Engagements
Training Manuals
Certification
Train the Trainer
The Training Book
Technical Writing
Privacy Policy

Print this document

Google
Web ITrain.org

Code Red Alert

New variant of the worm hits the net today

ITinfo Sponsor

ERROR: Random File Unopenable

ERROR: Random File Unopenable

The random file, as specified in the $random_file perl variable was unopenable.

The file was not found on your file system. This means that it has either not been created or the path you have specified in $trrandom_file is incorrect.

New Code Red Variant Attacks Microsoft Webservers

by Dave Murphy
ISSN 1535-3613

Dave Murphy, ITrain founder Britain's Home Office (interior ministry) warned computer users on Sunday to beware of a new and potentially more dangerous variant of the Code Red worm. The new attacker exploits the same vulnerability that allowed earlier worms to infect servers, but also installed a Trojan Horse on infected systems, giving full remote control to computer hackers, officials said.

"Computer users may notice some localized disruption on the Internet, the precise scale of which is hard to predict." Britain's Home Office said in a statement. "Depending on how the Trojan Horse is exploited, far more serious disruption is possible. It could be used to attack the Internet infrastructure or to target specific sites."

Code Red infects computers that run Microsoft Windows NT or Windows 2000 and Microsoft IIS (Internet Information Server) web hosting software. An estimated 300,000 computers were infected since August 1, when the worm reactivated itself and started prowling the net looking for new victims.

The Systems Administration, Networking and Security Institute (SANS) said in an advisory on its website that the latest variant of the computer virus seemed to leave a "back door" in infected systems that made them easy for an intruder to infiltrate.

The Internet security website said the most obvious difference between previous variants of Code Red and the latest one was that webserver logs will record a GET request containing "XXXXXX" instead of the familiar "NNNNNN" of the first Code Red.

Dave's Opinion

Code Red first became a threat in mid-July, when the worm hit some 350,000 machines, including the official White House website.

The popular Linux operating system and Apache webserver aren't at risk for attack by the Code Red worm. The worm uses security holes in Microsoft's software to gain access to the system resources. Microsoft has posted patches that will plug the holes targeted by Code Red. Network administrators who are lax at applying the patches are leaving the back door wide open to their webserver and the files stored on other servers.

Call for Comments

What do you think? Leave your comments on the message center.

References

Microsoft
SANS
White House
Message Center

Subscribe to ITinfo.
Receive computing and Internet news & tips
by subscribing to the ITinfo information service.
Type your Internet email address in the form, and click "Subscribe."
Email Address:

Previous issues are on our website at http://itrain.org/itinfo/.

International Association of Information Technology Trainers
PMB 616
6030-M Marshalee Dr
Elkridge, MD 21075-5987

410.567.5366
1.888.290.6200
fax: 801.650.0423
Membership Director: member@itrain.org

Return to ITrain Homepage

Copyright © 2001 International Association of Information Technology Trainers, Ltd., All Rights Reserved

http://itrain.org/itinfo/2001/it010806.html
updated August 6, 2001