Son-of-Code-Red brings new risk to vulnerable servers

A new Internet worm that exploits the same vulnerability as Code Red is installing back doors that leave infected servers wide open to future exploitation.

Although the new worm could be more dangerous than Code Red, the same patch that fixes the vulnerability in Microsoft's Internet Information Services software can thwart it. Most agencies have patched their systems and weathered the Code Red resurgence over the past week with only one reported infection, said Lawrence Hale, director of liaison for the Federal Computer Incident Response Team.

'The government was well-prepared for last week's propagation phase of Code Red,' Hale said. 'The same machines should be safe from the new variant. But for those machines that are not patched, the stakes have increased.'

The new worm seems to affect primarily systems running Windows 2000 and IIS. Rebooting infected machines can eliminate Code Red, but this will not remove the Trojan back door left by the new worm.

Because the malicious code can disguise itself and locating it can be difficult, the best course of action for servers running the vulnerable software is to reformat the hard drive and reinstall the operating system with the Microsoft patch, Hale said.

About the Author

William Jackson is a Maryland-based freelance writer.
