Search Solo Products, Services and others Overview of the Site Design and Build a Career Contact us for customer service and other feedback info SRN Micro Privacy Statement

 


SECURITY HOLE IN IIS SPREADS CORERED WORM

Virus Name  : IIS.CodeRed

Alias             : W32.CodeRed.mm, I-Worm/CodeRed, W32.Bady, TROJ_CODERED, W32.CodeRed.Worm

Virus type    : Internet worm

Threat level : Low

Virus details :

                     CodeRed worm spreads using .ida buffer overflow attack vulnerability in IIS Web servers. The worm will attack unprotected IIS servers. Web administrators are requested to install the security patch provided by Microsoft. The patch can be downloaded from the link http://www.microsoft.com/technet/security/bulletin/MS01-033.asp . After installing the patch, the server should be restarted to remove active worm from memory.

                     The worm uses randomly generated IP addresses to spread. If the worm infects a vulnerable IIS server creates 100 threads first. Out of 100, it uses 99 threads to spread the worm and 100th thread checks to see if it is running on a English (US) Windows NT/2000 system.

                     If the infected system is found to be a English (US) system then the worm will proceed to deface the infected systems website. The local web servers web page will be changed to a message that says Welcome to "http://www.worm.com !, Hacked By Chinese!". The worm also creates a file "C:\networm" in the system. The worm includes code designed to flood www.whitehouse.gov.

                     This worm is also known as W32.CodeRed.mm, I-Worm/CodeRed, W32.Bady, TROJ_CODERED, W32.CodeRed.Worm.

How can I protect my system?

                     To protect your server from CodeRed worm attack, web administrators are requested to install the security patch immediately. The patch can be downloaded from the following Microsoft link http://www.microsoft.com/technet/security/bulletin/MS01-033.asp

How to remove this worm?

                   If you are already infected with this worm, you can remove it from your computer using Solo Antivirus software. Solo antivirus can detect and remove CodeRed Worm safely. Use the following link to Download 30 day trial version of Solo antivirus to remove viruses from your computer.

                   Solo anti-virus not only scans for all viruses, it contains a unique System Integrity Checker to protect you from New Internet Worms, Backdoors and malicious VB, Java Scripts. It also effectively removes all existing Internet Worms, File viruses, malicious VB, Java scripts, Trojans, Backdoors, boot sector, partition table and macro viruses.

You can purchase Solo antivirus using the link