Son-of-Code-Red brings new risk to vulnerable servers

A new Internet worm that exploits the same vulnerability as Code Red is installing back doors on servers, leaving infected machines wide open to future exploitation.

Although the new worm could be more dangerous than Code Red, the same patch that fixes the vulnerability in Microsoft's Internet Information Services software can thwart it. Most agencies have patched their systems and weathered the Code Red resurgence over the past week with only one reported infection, said Lawrence Hale, director of liaison for the Federal Computer Incident Response Team.

'The government was well-prepared for last week's propagation phase of Code Red,' Hale said. 'The same machines should be safe from the new variant. But for those machines that are not patched, the stakes have increased.'

The new worm seems to affect primarily systems running Windows 2000 and IIS. Rebooting infected machines can eliminate Code Red, but this will not remove the Trojan back door left by the new worm.

Because the malicious code can disguise itself and locating it can be difficult, the best course of action for servers running the vulnerable software is to reformat the hard drive and reinstall the operating system with the Microsoft patch, Hale said.

About the Author

William Jackson is a Maryland-based freelance writer.

