Virus type: Worm
Damage potential: High
Distribution potential: High
Description
Trend Micro reports that a new variant of the Code Red worm is currently spreading in the wild, and recommends that system administrators running IIS Web Servers ensure that they are patched. Like the other variants of Code Red, CodeRed.F exploits a remote buffer overflow vulnerability in Microsoft's Internet Information Server (IIS) that can give system-level privileges to an attacker. It drops a backdoor program on an infected Web server, giving an attacker full access to this Web server and thereby compromising network security.
This worm poses no risk to Windows 95, 98, and ME users. Windows NT and 2000 users who do not have Microsoft's IIS Web Server installed are also at no risk. This worm only affects computers running Microsoft IIS that have not been patched with the Microsoft MS01-033 patch, first released in June 2001.
The only difference in this variant is the trigger date. CODERED.C runs if the year is less than 2002, whereas this variant runs if the year is less than 34952.
Solution:
For automatic removal of this worm:
This worm may be automatically cleaned using Trend Micro's fix tool for CodeRed.C. Trend Micro suggests that you view the readme_codec.txt instructions before running the fix tool. To run the fix tool, open a command prompt and execute this tool or double-click it to execute from your browser. This tool is designed to run under Windows 2000 Servers (all versions) and Windows NT Servers. If you have an MD5 tool, the MD5 signature of this fix tool is efd4640c93f637e0bf8a841496e5b389
System administrators of Web servers using Microsoft Windows NT 4.0 or Windows 2000 should download and install the following Microsoft patches for the .IDA vulnerability:
* MS01-033 patch
* MS01-044 patch
To verify whether this patch has been applied, you may run Trend Micro's free detection tool.
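As a complement to the patch check, the following added example (not Trend Micro's tool or code) scans an IIS W3C extended log for overlong requests to .ida URLs, on the assumption that the buffer overflow described above arrives as an oversized query string. The log lines are constructed samples, and the function names and the 200-character threshold are assumptions.

```python
# Added example: flag overlong .ida requests in an IIS W3C extended log.
# Sample records are constructed; the length threshold is an assumption.

MAX_QUERY_LEN = 200  # assumed cut-off; ordinary .ida queries are short

SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-08-05 10:01:12 192.0.2.10 GET /index.html - 200
2001-08-05 10:01:40 198.51.100.7 GET /default.ida {pad} 200
2001-08-05 10:02:03 192.0.2.44 GET /search.ida q=price 200
2001-08-05 10:02:31 203.0.113.9 GET /default.ida {pad} 500
""".format(pad="A" * 224 + "=a")  # constructed padding, 226 characters


def scan_iis_log(lines, max_query_len=MAX_QUERY_LEN):
    """Return (date, time, client_ip, status, query_len) for suspect requests."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # field order may change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # malformed or truncated record
        rec = dict(zip(fields, values))
        stem = rec.get("cs-uri-stem", "").lower()
        query = rec.get("cs-uri-query", "-")
        if stem.endswith(".ida") and query != "-" and len(query) > max_query_len:
            hits.append((rec.get("date"), rec.get("time"), rec.get("c-ip"),
                         rec.get("sc-status"), len(query)))
    return hits


def summarize(hits):
    """Count suspect requests per source address."""
    counts = {}
    for _date, _time, ip, _status, _length in hits:
        counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    for hit in scan_iis_log(SAMPLE_LOG.splitlines()):
        print(hit)
```

A hit shows that the server was probed; it does not by itself show whether the exploit succeeded, so the patch status still has to be checked.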
For more information on CodeRed.F, please visit our Web site at: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=CODERED
# # #
About Trend Micro
Trend Micro is a leader in network antivirus and Internet content security software and services. The Tokyo-based corporation has its European headquarters in Marlow, England, and business units worldwide. Trend Micro products are sold through corporate, value-added resellers and managed service providers. For additional information and evaluation copies of all Trend Micro products, visit: http://www.trendmicro-europe.com
Trend Micro Media Contact:
Europe
Anna Wright
Tel: +44 (0) 1628 400534
Email: anna_wright@trendmicro.co.uk
Lammers van Toorenburg PR
Francine Loos
Tel: +31 (0)30 6565 070
E-mail: francine@lvtpr.nl