Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Code Red Worm Virus: 684 local servers hit

Code Red Worm Virus: 684 local servers hit

by ivy on August 3rd, 2001 CODE RED Worm has infected 684 local servers in its second wave of attack. Damaged were computer servers and networks belonging to higher institutions of learning, local firms and organisations.




On Wednesday, the day when Code Red re-emerged, 307 servers were hit. Yesterday, 377 reported to Malaysia Computer Emergency Respond Team (MyCert) that they were infected.



"The number of those infected comprises a majority of the worms infested on foreign host attacking local computers," said National ICT Security Emergency Response Centre (NISER) assistant director Raja Azrina Raja Othman.



"The attacks came from all over the world, including America, China, Japan and Australia." she said, adding that the problem is under control.



"Co-ordinated efforts of the entire security community and individual IIS server owners appear to have slowed down the infections," she said.



However, she said, there was a possibility many other infected hosts were not known or reported to MyCert, an organsation of reference for the local Internet community to deal with computer security incidents and methods of prevention.



Code Red Worm is an Internet worm. The characteristic of this self-replicated worm is to actively scan and infect.



It builds a database of Internet Protocal addresses to be scanned. It repeatedly scans the network to identify vulnerable systems, attack and infect the computers by installing itself.



Each newly-installed worm will repeat itself in the same manner and infect other computers.



It only attacks on host running on Microsoft IIS versions 4.0 and 5.0.



Raja Azrina said the spread of the destructive Sircam worm has slowed significantly, "but MyCert still consider it as a high-risk virus." She said MyCert analysis showed that about 300,000 e-mail users, Windows desktop/PC were infected.



Sircam can be contained if organisations and home-users take prompt action to clean the infected PC and install updated virus signatures on anti-virus software and ensure that the software works correctly.



Steps in prevention and recovery have been made available on various anti-virus web sites.



She said the public should also educate themselves not to open any attachment without ensuring they have an updated anti-virus.



by EDDIE CHUA



Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »