Son-of-Code-Red brings new risk to vulnerable servers

Son-of-Code-Red brings new risk to vulnerable servers

A new Internet worm that exploits the same vulnerability as Code Red is installing back doors on servers that leave infected machines wide open to future exploitation.

Although the new worm could be more dangerous than Code Red, the same patch that fixes the vulnerability in Microsoft's Internet Information Services software can thwart it. Most agencies have patched their systems and weathered the Code Red resurgence over the past week with only one reported infection, said Lawrence Hale, director of liaison for the Federal Computer Incident Response Team.

'The government was well-prepared for last week's propagation phase of Code Red,' Hale said. 'The same machines should be safe from the new variant. But for those machines that are not patched, the stakes have increased.'

The new worm seems to affect primarily systems running Windows 2000 and IIS. Rebooting infected machines can eliminate Code Red, but this will not remove the Trojan back door left by the new worm.

Because the malicious code can disguise itself and locating it can be difficult, the best course of action for servers running the vulnerable software is to reformat the hard drive and reinstall the operating system with the Microsoft patch, Hale said.

About the Author

William Jackson is a Maryland-based freelance writer.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected