Virus Alert: Computer Associates calls new variant of Code Red worm medium to high risk

Computer Associates (CA) today classified as medium-to-high risk a new variant of the Code Red worm, a self-propagating malicious computer program.

Unlike previous versions, this new variant manipulates system settings, and installs and launches a Trojan version of Windows File Explorer. This can leave the infected computer open to remote connections making it possible for files to be accessed and stolen.

According to a preliminary analysis by CA`s eTrust global anti-virus researchers, the new variant affects Microsoft Windows 2000 system running Microsoft Internet Information Server (IIS).

CA urges IIS administrators to immediately apply the software patch issued by Microsoft that addresses the known vulnerability exploited by this and previous versions of the Code Red worm. Visit http://ca.com/virusinfo/virusalert.htm#CodeRed for additional information and links to software patches.

"What`s particularly troublesome about this new variant of Code Red is its ability to open up an infected computer system completely to the Internet," said Rudi de Sousa, technical consultant at Computer Associates. "This means that an intruder could browse and even download files from a company`s Internet server that hasn`t been patched to defend against Code Red."

"What we`re seeing," continued de Sousa, "is the development of a trend whereby a successful malware attack such as Code Red often resurfaces in new forms, building on the capabilities of the previous attack. Administrators should continue to stay abreast of the vulnerabilities that may affect critical computing assets."

CA`s eTrust global anti-virus researchers will soon release a new signature for its award-winning anti-virus solutions - eTrust InoculateIT, eTrust Antivirus and eTrust EZ Anti-virus. Additional information is available at http://ca.com/virusinfo.