While doing a search for CODE RED on NeoWin, the latest article displayed was posted on the 10th of September, 2001. And now it looks like Code Red might be resurrected again.
Security researchers presented data on Friday indicating that Code Red version 2, a 9-month-old worm, continues to spread slowly across the Internet, compromising computers and leaving them easily accessible to malicious attackers.
At present, more than 18,000 systems appear to be infected and, with a simple command, could be coopted into an attack that could take down any Web site, said Dug Song, a hacker and security architect for network protection firm Arbor Networks. Song was speaking at the CanSecWest security conference here.
"We are mostly concerned with the potential for a major distributed denial-of-service (DDoS) attack using the Code Red servers," Song said. A DDoS attack uses many computers to send a flood of data at a single target, overwhelming the victim"s connection, effectively cutting the victim off from the Internet.
Song presented the results of Arbor Networks" seven months of monitoring a large portion of the Internet. Code Red version 2--a variant of the original Code Red worm that fixed a bug in the program"s infection routines--has infected more than 18,000 computers as of April, up from around 14,000 computers in December, Song said.
Code Red and its two variants use a security hole in Microsoft"s flagship Web server--the Internet Information Server--to spread to computers that don"t have the vulnerability patched. As servers are infected with Code Red, the worm then scans the Internet using specially formatted data, searching for more vulnerable servers.