Code Red Security Alert

Casino Zonder Cruks UK Gambling Sites Not On Gamstop Casino Not On Gamstop Non Gamstop Casinos Non Gamstop Casinos

Logo AntiVirus Software

Security Alert: Code Red - Updated 03/11/2003

Download the latest version of Command AntiVirus

Get the latest virus definition files

Buy Command AntiVirus online

New Variant: Code Red F Variant
Aliases: CodeRed.F, W32/CodeRed.f.worm, CODERED.F
Discovery Date: March 11, 2003

This version of Code Red has all of the characteristics of the original virus, differing only by two bytes from the original. Command AntiVirus version 4.58.3 or higher will detect and disinfect the virus.

Name: Code Red Variant
Aliases: W32/CodeRed.c.worm, CodeRed.C, Worm/RedCode.IIS.2, CodeRed.v3
Type: Exploit

Description:

This variant of the original Code Red worm was discovered on August 4, 2001. It uses the same buffer overflow vulnerability as the original to spread, but also has the ability to install a backdoor trojan onto the infected system. This allows any interested parties to have remote access to the infected system's web server.

This worm can be located on an infected system by the following string in the IIS log files:

/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531
b%u53ff%u0078%u0000%u00=a

Detection of Backdoor Trojan:

Command Antivirus version 4.58.3 or higher with definition files dated 08/07/01 will detect this virus as a security risk or as a "backdoor" trojan.

Solution:

Apply the following patches, available on the Microsoft website:

http://www.microsoft.com/technet/security/bulletin/MS01-033.asp

http://www.microsoft.com/technet/security/bulletin/MS00-052.asp

Name: Code Red
Aliases: CodeRed, CodeRed.A, Bady
Type: Exploit

Description:

Code Red affects systems running an unpatched version of Microsoft Windows NT 4.0 and Windows 2000 with IIS 4.0 or 5.0. The worm is able to exploit a known buffer overflow vulnerability by sending its code as an HTTP request to its victim.

This worm can be located on an infected system by the following string in the IIS log files:

/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%u
cbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00
%u531b%u53

Solution:

Apply the following patch, made available by Microsoft.

Protect your system from worms that exploit operating system and application vulnerabilities...

TotalCOMMAND™ performs an enterprise-wide discovery of our security software and patch configurations on all machines within your network. It reports the version and date of existing patches as well as any missing patch on each computer. TotalCOMMAND™ rolls out the patches at prescheduled time settings and without any end user intervention. Get TotalCOMMAND today.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Home � Purchase Center � Virus Center � Support Center


			BUY NOW PRODUCT INFO SOFTWARE UPDATES LATEST DEFFILES


			Product Information Product Literature Tutorials Documentation - Manuals - Readmes - Quick Start Guide - Viewing Utilities Test Drives How to Buy Contact Us Latest DEF Files Latest Version Latest Patches

Recommended links