LOS ANGELES: A new and possibly more virulent version of the "Code
Red" computer worm was detected circulating the Internet over the weekend,
attacking machines and leaving them vulnerable to other intruders, a leading
Internet security site reported.
The Systems Administration, Networking and Security Institute (SANS) said in
an advisory on its Web site that the latest variant of the computer virus seems
to leave a "back door" in infected systems that makes them easy for an
intruder to infiltrate.
Code Red surreptitiously infects computers running Microsoft Corp.'s Windows
NT or 2000 operating systems and its IIS Web server software and then makes
infected machines scan the Internet for more victims.
If the new worm spreads as quickly as last week's Code Red outbreak, hundreds
of thousands of Web sites could be left open to computer hackers. Machines that
had already been "patched" with Microsoft software aimed at thwarting
the virus were not vulnerable to the new Code Red, computer experts said.
The SANS Institute said several sources reported that the number of probes to
their home networks had increased and that a new worm, similar to Code Red,
started circulating on Saturday.
The Internet security Web site said the most obvious difference between
previous variants of Code Red and the latest one was that Web server logs will
record a GET request containing "XXXXXX" instead of the familiar
"NNNNNN" of Code Red.
Code Red first became a threat in mid-July, when the worm hit some 350,000
machines, including the official White House Web site. White House technicians
had to change the IP address, the series of numbers and dots that identifies the
physical address of each machine connected to the Internet, to avoid being shut
down by the worm.
Last week, another version of the worm infected an estimated 300,000
computers worldwide, but it did not cause any measurable impact on Web
performance. Some undisclosed Web sites, however, had to be taken off-line
because the worm halted or overloaded routers and systems. The worm also knocked
out Web servers at companies of various sizes as it commandeered them to scan
for new victims.
Last week's onslaught also disturbed US Defense Department systems, Pentagon
officials said.
The worm spreads by latching onto computer servers and then randomly sending
itself to 100 other IP addresses, which in turn start scanning the Internet for
more computers to hit. Since the Internet has no national boundaries, the worm
has quite likely spread globally, and hits have been reported in South Korea,
France and Britain.
Britain issues alert over new computer worm
LONDON: Britain warned computer users on Sunday to beware of a new and
potentially more dangerous variant of the Code Red worm, which infected hundreds
of thousands of machines worldwide last week.
The new virus exploited the same vulnerability that allowed earlier worms to
infect servers, but also installed a so-called "Trojan Horse" on
infected systems, giving full remote control to computer hackers, officials
said. "Computer users may notice some localized disruption on the Internet,
the precise scale of which is hard to predict," Britain's Home Office
(interior ministry) said in a statement.
"Depending on how the 'Trojan' is exploited, far more serious disruption
is possible. It could be used to attack the Internet infrastructure or to target
specific sites."
The Home Office advised that rebooting killed the worm on infected computers
and applying a free software patch prevented future infection. The patch for
computers running Microsoft Corp's Windows NT and 2000 operating systems as well
as its IIS software can be downloaded from various sites.
Windows 95, 98 and ME are not vulnerable to the virus.
(C) Reuters Limited 2001.