CurzTech News Network
Security firms have discovered another variant of the Code Red worm that wreaked havoc on computer systems worldwide in the summer of 2001. However, it appears that measures taken in the wake of that attack may prevent the new virus from spreading or causing significant damage.
Symantec (Nasdaq: SYMC) said it spotted the virus, which is termed CodeRed.F and also has been labeled Code Red III, on a small number of computer systems in Europe.
The worm differs by just two bytes of information from the Code Red II virus first spotted in August 2001, just weeks after the original Code Red unleashed a slew of denial-of-service attacks that brought down or infected some 350,000 servers, including the one powering the White House Web site. Code Red was blamed for an estimated US$2 billion in damage and downtime to networks worldwide.
Moderate Threat
Symantec ranked the new variant as a "moderate," or level 3, threat, saying it is "potentially dangerous" if it spreads rapidly. The main difference from the original Code Red is a change in the so-called expiration date. Whereas the original worm would only spread if the year was less than 2002, the new version replaces that date with the year 34952.
Like earlier versions, the virus searches for vulnerable Microsoft (Nasdaq: MSFT) IIS servers. Once it reaches the memory of such servers, it installs a file named Trojan.VirtualRoot that can give hackers full access to the server, including the ability to launch further attacks.
Lag Time
Researchers at security consulting firm Sophos agreed that this new variant does not pose too great a risk, because media attention on earlier attempts to exploit the same flaw in Microsoft's IIS software led to widespread patching. Microsoft has released a series of fixes and a cumulative patch for IIS.
The first sightings of the variant occurred in Japan and Italy. As of early Thursday, Symantec also had reported unconfirmed cases on networks in Germany.
"Having a server that hasn't been patched at this point is just plain irresponsible," Sophos consultant Graham Cluley told NewsFactor. "An attack would not just infect a single server, but create a huge amount of traffic on the Internet that results in other problems and ratchets up the cost of these attacks."
Cluley said so few servers are vulnerable that a widespread attack is unlikely, but even a contained infection could cause Internet slowdowns and other problems.
Cyber War of Words?
Sophos, meanwhile, warned that another variant of the Yaha worm has been spotted and apparently is being used as a tool of cyberwarfare between groups in India and Pakistan.
Sophos said the worm, also known as W32, usually arrives via e-mail. The Yaha.Q version apparently attempts to launch denial-of-service attacks against Web sites in Pakistan. The messages also have carried political screeds, messages to other hackers and even a message to an antivirus researcher.
© 1998-2003 Triad Commerce Group, LLC. All rights reserved. See Terms of Use and Privacy notice.