• silicon.com
• Technology
• Security

By Joey Gardiner, 7 August 2001 18:43

NEWS The latest version of the Code Red worm may still be causing tension across the web, but it's still failed to live up to the hype generated by the anti-virus vendors. Newsgroups report a number of high-profile firms suffering infections from the new variant, which leaves a trojan horse code on infected servers, rendering them vulnerable to hackers. Anti-virus vendor Symantec reported that sightings of the new worm - dubbed Code Red v3, even though it is not directly related to the original code - peaked yesterday afternoon with infection rates far higher than at the peak of the original outbreak. However, it now estimates that since then, infection has slowed, with at least 15,000 web-servers compromised. The original Code Red outbreak in July infected in the region of 300,000 servers running Microsoft's IIS software. The latest worm is not a direct relative of the original, but simply exploits the same vulnerability in the Microsoft software. It is thought to be the work of Spanish virus writing group 29A. There have been reports of BT, and broadband operator @Home being hit by the worm. BT's Openworld website displays a message informing users: "We have become aware that some of our users may have been affected by the Code Red virus," which then goes on to direct them to the Microsoft patch to plug the security hole. However, a BT spokesman said he is "pretty certain" that no BT users have been infected via BT, but he did admit that the performance for its ISP customers yesterday was impaired because of new software installed to combat attacks from the worm. The web as a whole has not suffered from the new outbreak. Web monitoring organisation Keynote said it had seen no noticeable downgrading in web performance due to the worm. In July, Microsoft was left red-faced as its servers became infected by the worm, despite the fact it posted a patch to plug the IIS vulnerability a month earlier.