Code Red II Worms Its Way Deeper Into Internet
Computers infected with the worm were being used to attack other parts of the Internet, experts said, with the second generation of the virus proving even more malicious and resilient than its predecessor.
Experts in the U.S., Europe and Asia reported attacks by the pernicious worm, with one South Korean government department being closed down because of infection.
The new version -- which first surfaced on Saturday -- spreads through a hole in Microsoft's Internet information server web software running on Windows NT and 2000 computers.
It leaves a "back door" on infected computers which advertise their vulnerability by scanning web-connected machines, sometimes launching coordinated attacks on other parts of the Internet.
"We're already seeing reports of denial of service attacks starting up," said Alan Paller, research director at the System Administration, Networking and Security Institute (SANS) in Bethesda, Maryland.
He was referring to attacks launched by Code Red which are designed to shut down web sites by overwhelming them with excessive traffic, prompting a denial of service.
"We have evidence that it has happened but no idea of its prevalence or severity," said Steve Gibson, president of Gibson Research in Laguna Hills, California.
In order to protect their systems, network administrators need to remove the "back door" from their systems and reformat and reinstall all the software on the computer -- in addition to installing the software patch that closes the loophole that Code Red exploited, security analysts said.
"Even after you apply the Microsoft patch and remove the Trojan (horse) back door it's impossible to know what might have been done to your system while it was open," said Gibson.
The economic damage caused by the Code Red worms has risen to near $2 billion, up from an estimated $1.2 billion as of a week earlier, according to Computer Economics, Californian research company that keeps a tally of computer viruses.