Search Solo Products, Services and others Overview of the Site Design and Build a Career Contact us for customer service and other feedback info SRN Micro Privacy Statement

 


SECURITY HOLE IN IIS SPREADS CORERED WORM

Virus Name  : IIS.CodeRed.F

Alias             : I-Worm/CodeRed.F, W32.Bady.C, CodeRed.III, CodeRed.F, W32.CodeRed.Worm

Virus type    : Internet worm

Threat level : Medium

Virus details :

                     CodeRed.F is a modified variant of original CodeRed worm. CodeRed spreads using .ida buffer overflow attack vulnerability in IIS Web servers. The worm will attack unprotected IIS servers only. It may slow down the entire network due to the large scale IP scanning.

                     Web administrators are requested to install the security patch provided by Microsoft. The patch can be downloaded from the link http://www.microsoft.com/technet/security/bulletin/MS01-033.asp and http://www.microsoft.com/technet/security/bulletin/MS01-044.asp. After installing the patch, the server should be restarted to remove active worm from memory.

                     The worm drops a backdoor program in the compromised computer. It allows hackers to take full control over the system. After removing the worm, the compromised system files should be checked carefully. It is advisable to restore all the disk contents from the backup.

                     CodeRed randomly generated IP addresses to spread. The worm will not write its copy in the hard disk. This worm is also known as I-Worm/CodeRed.F, W32.Bady.C, CodeRed.C, W32.CodeRed.Worm.

How can I protect my system?

                     To protect your server from CodeRed worm attack, web administrators are requested to install the security patch immediately. The patch can be downloaded from the following Microsoft link http://www.microsoft.com/technet/security/bulletin/MS01-033.asp and http://www.microsoft.com/technet/security/bulletin/MS01-044.asp. After installing the security patch, restart the system to remove virus from memory.

How to remove this worm?

                   If you are already infected with this worm, you can remove it from your computer using Solo Antivirus software. Solo antivirus can detect and remove CodeRed Worm safely. Use the following link to Download 30 day trial version of Solo antivirus to remove viruses from your computer.

                   Solo anti-virus not only scans for all viruses, it contains a unique System Integrity Checker to protect you from New Internet Worms, Backdoors and malicious VB, Java Scripts. It also effectively removes all existing Internet Worms, File viruses, malicious VB, Java scripts, Trojans, Backdoors, boot sector, partition table and macro viruses.

You can purchase Solo antivirus using the link