Prepare for Code Red to rear its head again

By William Jackson

GCN Staff


JULY 30—If you thought the Code Red worm was behind you, think again. The federally funded CERT Coordination Center reports that the self-propagating malicious code, which infected as many as 280,000 computers in a matter of hours on July 19, could come back to life at 8 p.m. EDT tomorrow.

According to the advisory posted at www.cert.org, researchers found that the worm is programmed to go into a propagation mode from the 1st through the 19th of each month, beginning at midnight Greenwich Mean Time (8 p.m. EDT). Copies of the worm on infected machines scan the Internet trying to connect to TCP Port 80. On servers running unprotected versions of Microsoft Internet Information Server, the worm exploits a buffer overflow in the IIS Indexing Service DLL and installs a copy of itself, which then begins scanning for new victims.

Although the code is not programmed to launch denial-of-service attacks until the 20th through the 27th of the month, scanning traffic during the propagation phase could slow Internet service and completely block some addresses.

'Our analysis estimates that starting with a single infected host, the time required to infect all vulnerable IIS servers could be less than 18 hours,' the advisory warns.

Because the worm resides in memory, rebooting a server will eliminate it. To protect a server from infection, download Microsoft Corp.'s patch for Windows NT 4.0 or Windows 2000 Professional, Server and Advanced Server from the company's Web site at www.microsoft.com and install it.
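For administrators who want to check their own servers for the scanning behavior described above, the following sketch (an added example, not code from CERT, Microsoft or GCN) maps a timestamp to the worm's phase using the day ranges quoted in the article and flags hosts that contact many distinct addresses on TCP port 80 during the propagation phase. The log format, the threshold and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone

FANOUT_THRESHOLD = 4  # assumption: distinct port-80 destinations before a host is flagged

def worm_phase(ts):
    """Phase for a timezone-aware timestamp, per the day ranges in the article.

    The worm keys on the GMT date, so local times are converted to UTC first;
    8 p.m. EDT on July 31 is already midnight on Aug. 1 in GMT.
    """
    day = ts.astimezone(timezone.utc).day
    if 1 <= day <= 19:
        return "propagation"
    if 20 <= day <= 27:
        return "denial-of-service"
    return "unspecified"  # the article does not describe days 28 and later

def parse(line):
    """Parse 'ISO-8601-timestamp src dst dport' (hypothetical log format)."""
    stamp, src, dst, dport = line.split()
    return datetime.fromisoformat(stamp), src, dst, int(dport)

def scanning_sources(lines, threshold=FANOUT_THRESHOLD):
    """Return {source: distinct destination count} for hosts whose TCP/80
    fan-out during the propagation phase meets the threshold."""
    fanout = defaultdict(set)
    for line in lines:
        ts, src, dst, dport = parse(line)
        if dport == 80 and worm_phase(ts) == "propagation":
            fanout[src].add(dst)
    return {s: len(d) for s, d in fanout.items() if len(d) >= threshold}

# Constructed sample records using documentation address ranges.
SAMPLE = [
    "2001-07-31T19:59:59-04:00 192.0.2.10 198.51.100.1 80",  # still July 31 in GMT
    "2001-07-31T20:00:01-04:00 192.0.2.10 198.51.100.2 80",  # Aug. 1 in GMT
    "2001-08-01T00:00:02+00:00 192.0.2.10 198.51.100.3 80",
    "2001-08-01T00:00:03+00:00 192.0.2.10 203.0.113.4 80",
    "2001-08-01T00:00:04+00:00 192.0.2.10 203.0.113.5 80",
    "2001-08-01T00:00:05+00:00 192.0.2.20 198.51.100.2 80",  # single destination
    "2001-08-01T00:00:06+00:00 192.0.2.20 198.51.100.2 25",  # not port 80
]

if __name__ == "__main__":
    for host, count in scanning_sources(SAMPLE).items():
        print(f"{host}: {count} distinct TCP/80 destinations during propagation phase")
```

A Web server that opens outbound port-80 connections to many unrelated addresses is worth investigating regardless of the date; the phase check only narrows the window to the days the advisory describes.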
