Son-of-Code-Red brings new risk to vulnerable servers

Son-of-Code-Red brings new risk to vulnerable servers

A new Internet worm that exploits the same vulnerability as Code Red is installing back doors on servers that leave infected machines wide open to future exploitation.

Although the new worm could be more dangerous than Code Red, the same patch that fixes the vulnerability in Microsoft's Internet Information Services software can thwart it. Most agencies have patched their systems and weathered the Code Red resurgence over the past week with only one reported infection, said Lawrence Hale, director of liaison for the Federal Computer Incident Response Team.

'The government was well-prepared for last week's propagation phase of Code Red,' Hale said. 'The same machines should be safe from the new variant. But for those machines that are not patched, the stakes have increased.'

The new worm seems to affect primarily systems running Windows 2000 and IIS. Rebooting infected machines can eliminate Code Red, but this will not remove the Trojan back door left by the new worm.

Because the malicious code can disguise itself and locating it can be difficult, the best course of action for servers running the vulnerable software is to reformat the hard drive and reinstall the operating system with the Microsoft patch, Hale said.

About the Author

William Jackson is a Maryland-based freelance writer.

inside gcn

  • phishing email (Abscent/

    How agencies can protect against phishing attacks

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group