The CODE RED worm exploits a security hole in the Microsoft IIS Web Server version 4.0, Microsoft IIS Web Server 5.0 and unpatched Cisco 600 series DSL routers to spread to other servers. It attacks servers with Windows NT or 2000 using the Microsoft IIS web server software. It will scan for web servers using the IIS web server software and when it finds a server with the IIS web server software that has not been patched with the security patch it will infect that server.
Antivirus programs are useless as no physical file exists in the infected server. All that is needed to remove the worm from memory for those who are infected is to reboot the server.The only way to stop the worm is to get a security patch for the IIS Web Server from Microsoft website at: