New Code Red worm variant need not cause panic

Sophos Press Release

Code RedA new variant of the infamous Code Red worm is unlikely to cause much havoc, say Sophos experts.

The new worm, a minor variant of Code Red II, relies on a well known flaw in some versions of Microsoft's IIS web server software, but due to the high media profile and concern about earlier versions of Code Red many businesses have already protected themselves.

However, some system administrators may still not have taken appropriate action, despite Microsoft having first issued a patch against the vulnerability in 2001.

"Worms like Code Red not only infect your server, they also generate huge amounts of unnecessary internet traffic," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "Having an unpatched server is irresponsible, because you put yourself at risk whilst potentially spreading the worm to others. There is no excuse for sitting back and waiting to become a victim. If you use IIS and you haven't acted already, do so now."

Sophos recommends that users who have not already updated their versions of Microsoft IIS refer to the security bulletin published on Microsoft's website.

System administrators are also advised to consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.asp. Other vendors offer similar services.

One little known fact about the Code Red worm is that it acquired its name from the "Code Red" cherry flavour of the Mountain Dew soft drink. One of the first researchers to analyse the worm consumed large amounts of the drink whilst examining the worm's code.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com/company.