| |
Code Red Worm
The spread of the computer worm known as "Code Red" has been the subject of wide speculation after taking the Internet by storm on the 19th July by infecting over 250,000 systems in just 9 hours.
Further mutations of this worm are expected, and it is thought that it may begin spreading again on the 31st July 2001 at 08:00 EDT (00:00 GMT). There have already been a number of very high-profile companies whose web sites have been defaced by this worm and there could potentially be many more if the worm becomes active again, and finds more vulnerable systems.
The worm spreads itself by probing other computers on the Internet, and using a vulnerability in the Indexing service in Microsoft's Internet Information Server (IIS) to infect the system. IIS is supplied with most versions of Windows NT and 2000, and can be protected from this issue by applying a patch released by Microsoft. Once a system is infected, it will go on to infect more systems, which will in turn infect more systems.
Whilst it appears that the worm will only deface the web pages on the system, the vulnerability that it exploits can allow arbitrary code to be executed in the "Local System" context, thus giving the attacker total control over the victim system.
I would like to take this opportunity to reassure you that our pro-active approach to security vulnerabilities, and the fact that the majority of our systems run Linux or FreeBSD, means that we have never been affected by this issue at any stage.
Tom White, Technical Director, Page Hosting
|
|
|
|
|
