TEC-New Variant Of Code Red Computer Virus Sighted


Sunday August 5 7:13 PM ET

New Variant of Code Red Computer Virus Sighted

LOS ANGELES (Reuters) - A new and possibly more virulent version of the "Code Red" computer worm was detected circulating the Internet over the weekend, attacking machines and leaving them vulnerable to other intruders, a leading Internet security site reported.

The Systems Administration, Networking and Security Institute (SANS) said in an advisory on its Web site that the latest variant of the computer virus seems to leave a "back door" in infected systems that makes them easy for an intruder to infiltrate.

Code Red surreptitiously infects computers running Microsoft Corp.'s Windows NT or 2000 operating systems and its IIS Web server software and then makes infected machines scan the Internet for more victims.

If the new worm spreads as quickly as last week's Code Red outbreak, hundreds of thousands of Web sites could be left open to computer hackers. Machines that had already been "patched" with Microsoft software aimed at thwarting the virus were not vulnerable to the new Code Red, computer experts said.

The SANS Institute said several sources reported that the number of probes to their home networks had increased and that a new worm, similar to Code Red, started circulating on Saturday.

The Internet security Web site said the most obvious difference between previous variants of Code Red and the latest one was that Web server logs will record a GET request containing "XXXXXX" instead of the familiar "NNNNNN" of Code Red.

Code Red first became a threat in mid-July, when the worm hit some 350,000 machines, including the official White House Web site.

White House technicians had to change the IP address, the series of numbers and dots that identifies the physical address of each machine connected to the Internet, to avoid being shut down by the worm.

Last week, another version of the worm infected an estimated 300,000 computers worldwide, but it did not cause any measurable impact on Web performance.

Some undisclosed Web sites, however, had to be taken off-line because the worm halted or overloaded routers and systems. The worm also knocked out Web servers at companies of various sizes as it commandeered them to scan for new victims.

Last week's onslaught also disturbed Defense Department systems, Pentagon officials said.

The worm spreads by latching onto computer servers and then randomly sending itself to 100 other IP addresses, which in turn start scanning the Internet for more computers to hit. Since the Internet has no national boundaries, the worm has quite likely spread globally, and hits have been reported in South Korea, France and Britain.

-- Anonymous, August 05, 2001
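
The log difference the article describes (a GET request padded with "XXXXXX" rather than "NNNNNN") can be turned into a log triage check. This Python is an added example, not part of the original post or the SANS advisory; the Common Log Format layout, the 32-character minimum run, the variant labels and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

MIN_RUN = 32  # assumed threshold: shorter runs of N or X are treated as ordinary traffic

# Constructed sample lines in Common Log Format (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [05/Aug/2001:10:01:02 -0700] "GET /default.ida?{n} HTTP/1.0" 404 205
198.51.100.7 - - [05/Aug/2001:10:01:09 -0700] "GET /default.ida?{x} HTTP/1.0" 404 205
198.51.100.7 - - [05/Aug/2001:10:02:44 -0700] "GET /default.ida?{x} HTTP/1.0" 404 205
203.0.113.5 - - [05/Aug/2001:10:03:00 -0700] "GET /index.html?q=XXXX HTTP/1.0" 200 1043
203.0.113.5 - - [05/Aug/2001:10:03:05 -0700] "POST /form?{n} HTTP/1.0" 200 10
""".format(n="N" * 224, x="X" * 224)

# source address, method and request URI from one Common Log Format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" \d{3}')
# a long run of a single padding character, N (earlier variants) or X (new variant)
PAD_RE = re.compile(r"(N{%d,}|X{%d,})" % (MIN_RUN, MIN_RUN))


def classify(line):
    """Return (source, variant) for a padded GET probe, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None  # not a parseable log line
    src, method, uri = m.groups()
    if method != "GET" or "?" not in uri:
        return None  # the article describes GET requests only
    pad = PAD_RE.search(uri.split("?", 1)[1])
    if not pad:
        return None
    variant = "new-variant-X" if pad.group(1)[0] == "X" else "original-N"
    return src, variant


def summarize(log_text):
    """Count probes per (source, variant) so repeat scanners stand out."""
    hits = Counter()
    for line in log_text.splitlines():
        result = classify(line)
        if result:
            hits[result] += 1
    return dict(hits)


if __name__ == "__main__":
    for (src, variant), count in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src:15} {variant:14} {count}")
```

A hit only shows that a probe reached the server; whether the machine was patched determines whether the probe had any effect.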

Answers

My computer, in the last few days... has been pinged, tried invasions into my port, etc. So glad I have stuff to tell me who what and when and then stop it.

-- Anonymous, August 05, 2001

I agree Maggie! Zone Alarm is great. Make sure you have the latest upgrade, btw.

-- Anonymous, August 05, 2001

Now feeling not as smart as I did before....what upgrades???

-- Anonymous, August 06, 2001

zonalm26 is the latest one. I loaded it yesterday. Not sure when it came out.

-- Anonymous, August 06, 2001

Thanks, I guess I will read the e-mails that they sent me.

-- Anonymous, August 06, 2001

