'Code Red II' worm reported on Internet
6th August 2001 (Utusan Malaysia)

WASHINGTON Aug 6 - Computer security experts warned of the spread of a new, destructive worm that is similar to Code Red, which infected computers around the world last week.

The new worm, dubbed Code Red II, moves faster than Code Red but can still be stopped by downloading a software patch for some Microsoft operating systems.

Code Red II attacks the same Internet-connected computers that were vulnerable to Code Red in the same fashion. Instead of just defacing Web sites and attempting to spread itself, however, the new worm leaves a "back door'' open on infected computers.

"This makes the computer available to whoever wants to get in,'' said Russ Cooper, of TruSecure Corp., a computer security firm. "Anyone who finds one of these boxes can do anything they want to it.''

Code Red II began spreading around the Internet Saturday morning. Despite its name, Code Red II is not a "variant'' of Code Red, but a completely new worm. Still, it infects via the same hole in some Microsoft operating systems.

"It won't affect machines that have already been patched,'' Cooper said. "Anyone who took precautions against Code Red should be safe against Code Red II.''

The new worm isn't as easy to track as Code Red, so there's no way to tell how many computers have been infected. According to analysis by security firm SecurityFocus, Code Red II looks for new targets more than 4,000 percent faster than Code Red.

Web site administrators running Microsoft Windows NT and 2000 operating systems, along with the Internet Information Services software, should download Microsoft's patch from the company's Web site. Users running Windows 95, 98 or Me are not vulnerable.

On the Net:

Microsoft Security Patch: http://www.microsoft.com/technet/security/bulletin/MS01-033.asp - AP