The CODE RED worm exploits a security hole in Microsoft IIS Web Server versions 4.0 and 5.0 and in unpatched Cisco 600 series DSL routers to spread to other servers. It attacks servers running Windows NT or 2000 with the Microsoft IIS web server software. It scans for web servers running IIS, and when it finds one that has not been patched with the security patch, it infects that server.

Antivirus programs are useless because no physical file exists on the infected server. For those who are infected, rebooting the server is all that is needed to remove the worm from memory. The only way to stop the worm is to get a security patch for the IIS Web Server from the Microsoft website at:

CODE RED 2 is a more dangerous strain of the CODE RED worm, as it plants a trojan that opens a backdoor on the servers it infects. This backdoor makes it possible for the files on the server to be accessed.
