Code Red Round 2: Infected Servers Piling Up
- By Scott Bekker
- August 02, 2001
An organization monitoring the number of servers infected by the Code Red Worm was reporting Thursday afternoon that the total nearly rivaled all the servers infected in the worm's first round.
The SANS Internet Storm Center reported that 276,237 servers were infected Aug. 1. In its original July outbreak, the worm infected 280,391 hosts, according to the center.
The Code Red worm affects Internet Information Server/Services version 4.0 and 5.0 running on Windows NT and Windows 2000. Once a machine is infected, it spends the first 19 calendar days of the month scanning other machines for vulnerability to infection. The next nine days are dedicated to a denial-of-service attack against the White House Web site.
The worm emerged in mid-July but only ran wild for a few days or a week before its self-coded date for cutting off its port scanning activity. The vulnerability it relies upon in IIS was discovered and patched in June.
U.S. government agencies, security organizations and companies unleashed a massive education campaign in late July to try to get system administrators to patch their systems before the worm resurfaced at the beginning of this month. Some observers say many of the IIS systems infected in this most recent outbreak are located in Asia.
Scott Bekker is editor in chief of Redmond Channel Partner magazine.