HomeDeveloper

New Worm On the Loose

Thor Olavsrud
By Thor Olavsrud

A new worm, aping the injection vector of the now infamous Code Red worm but
carrying a much more dangerous payload, was found in the wild Sunday
according to security firms Security Focus and eEye Digital Security.

“There is in fact a completely brand new worm loose on the net right now,”
said Ryan Permeh and Marc Maiffret of Eye Digital Security in an analysis
Sunday morning. “It uses the same injection vector as the first Code Red
worm, however, this second worm has a completely different payload than the
first worm. Therefore, this second worm is not a variant of the first Code
Red worm.”


Like the Code Red worm, this worm exploits a buffer overflow in Microsoft
Corp.’s IIS 4.0 and 5.0 Web server software. But this worm has been designed
to scour far more IP addresses than Code Red — allowing it to spread much
further — while at the same time causing more data to sent across networks,
increasing the possibility of massive latency. But the worm doesn’t stop
there. It also delivers a trojan designed to dump root.exe (cmd.exe) and
create backdoors into an infect system that allow an attacker to remotely
access that server.


However, though it is a different worm, the fix is the same. Microsoft’s patch, released in June, blocks the worm. This worm only infects
Windows 2000 systems. The worm will simply crash a vulnerable NT 4.0 system.

As far as detection goes, enterprise testing and performance management solutions provider Mercury Interactive Corp. is offering to scan any organization’s Internet infrastructure for both Code Red and Code Red II free of charge.

“Diligent prevention is the key to fighting attacks using the Internet like the Code Red and Code Red II worms,” said Ken Klein, chief operating officer at Mercury. “If an organization misses even one machine in their infrastructure, they leave the door open to infection — or to potential infiltration. ActiveTest SecureCheck can very quickly determine if a system is vulnerable.”

To schedule a free scan or get more information, visit the site, or call mercury at 800-TEST911 in the U.S., 1-408-822-5200 internationally.

Thor Olavsrud
Thor Olavsrud
Previous article
Office XP: Two Thirds of German Users Against Compulsory Registration
Next article
Envision Wins Award for Contact Center Software

Similar Posts

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web

InternetNews is a source of industry news and intelligence for IT professionals from all branches of the technology world. InternetNews focuses on helping professionals grow their knowledge base and authority in their field with the top news and trends in Software, IT Management, Networking & Communications, and Small Business.

Advertisers

Advertise with TechnologyAdvice on InternetNews and our other IT-focused platforms.

Advertise with Us

Menu

Our Brands

Property of TechnologyAdvice.
© 2021 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.