Prepare for Code Red to rear its head again

By William Jackson

GCN Staff

JULY 30—If you thought the Code Red worm was behind you, think again. The federally funded CERT Coordination Center reports that the self-propagating malicious code, which infected as many as 280,000 computers in a matter of hours on July 19, could come back to life at 8 p.m. EDT tomorrow.

According to the advisory posted at, researchers found that the worm is programmed to go into a propagation mode from the 1st through the 19th of each month, beginning at midnight Greenwich Mean Time (8 p.m. EDT). Copies of the worm on infected machines scan the Internet trying to connect to TCP Port 80. On servers running unprotected versions of Microsoft Internet Information Server, the worm exploits a buffer overflow in the IIS Indexing Service DLL and installs a copy of itself, which begins scanning for new victims.

Although the code is not programmed to launch denial-of-service attacks until the 20th through the 27th of the month, scanning traffic during the propagation phase could slow Internet service and completely block some addresses.

'Our analysis estimates that starting with a single infected host, the time required to infect all vulnerable IIS servers could be less than 18 hours,' the advisory warns.

Because the worm resides in memory, rebooting a server will eliminate it. To protect a server from infection, Microsoft Corp.'s patch for Windows NT 4.0 or Windows 2000 Professional, Server and Advanced Server should be downloaded from the company's Web site at and installed.
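The schedule and scanning behavior described above can be turned into a check over connection logs. The following is an added example, not code from the article or the CERT advisory; it assumes a constructed log format of `date time src dst dport` stamped in EDT and a hypothetical threshold of 20 distinct destinations, and it flags internal hosts that fan out to many addresses on TCP port 80 during the propagation window.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumption: log timestamps are local US Eastern Daylight Time (UTC-4).
LOG_TZ = timezone(timedelta(hours=-4))

def worm_phase(ts):
    """Classify an aware timestamp by the article's schedule, which is keyed to GMT days."""
    day = ts.astimezone(timezone.utc).day
    if 1 <= day <= 19:
        return "propagation"
    if 20 <= day <= 27:
        return "denial-of-service"
    return "unspecified"  # the article does not describe days 28-31

def likely_scanners(lines, min_targets=20):
    """Return {source: distinct port-80 destinations} for hosts at or above the threshold."""
    targets = defaultdict(set)
    for line in lines:
        date, clock, src, dst, dport = line.split()
        ts = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S").replace(tzinfo=LOG_TZ)
        # Only count web-port connections made while the worm would be propagating.
        if dport == "80" and worm_phase(ts) == "propagation":
            targets[src].add(dst)
    return {s: len(d) for s, d in targets.items() if len(d) >= min_targets}

# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE = (
    # 7:59 p.m. EDT on July 31 is still July 31 in GMT, so these are outside the window.
    [f"2001-07-31 19:59:{i:02d} 10.0.0.5 198.51.100.{i} 80" for i in range(5)]
    # From 8 p.m. EDT it is August 1 in GMT: one server contacts 30 distinct hosts.
    + [f"2001-07-31 20:00:{i:02d} 10.0.0.5 203.0.113.{i} 80" for i in range(1, 31)]
    + [
        "2001-07-31 20:05:00 10.0.0.9 192.0.2.10 80",  # ordinary client, one destination
        "2001-07-31 20:06:00 10.0.0.9 192.0.2.10 80",
        "2001-07-31 20:07:00 10.0.0.5 192.0.2.25 25",  # not port 80, ignored
    ]
)

if __name__ == "__main__":
    print(likely_scanners(SAMPLE))
```

Converting to GMT before bucketing matters: a log stamped in local time would otherwise place the first four hours of the propagation window on the previous day.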

