Code.Red.F triggers yellow alert warns Trend Micro

A new variant of the Code.Red worm poses a serious risk to IIS servers, according to Trend Micro

  • E-Mail
By  Mark Sutton Published  March 13, 2003

Trend Micro is warning of the risk from a new variant of the Code.Red worm. The worm, known as Code.Red.F, is currently in the wild, and poses a serious threat to Microsoft Internet Information Server (ISS) Web servers. Trend has set the threat level of the worm as ‘yellow’ status.

The worm uses a remote-buffer overflow vulnerability in ISS to give hackers root access to the web server.

A patch that will guard ISS servers from the worm is already available from Microsoft, patch MS01-033. For those users that believe they may have already been infected, Trend has a fix tool, available at www.antivirus.com/vinfo/security/fixcodec.exe.

The F variant is basically an update of the Code.Red.C worm, with the only difference being that C was set to trigger before 2002, while F will trigger through until 34952. While the potential damage caused by the worm is high, Trend reports a low level of reported infections so far.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code