SecurityFocus Identifies New Variant of “Code Red” Worm

First to alert more than 40,000 administrators of infected IP addresses; executives available to offer analysis

San Mateo, Calif.-July 20, 2001-SecurityFocus, the leading provider of security intelligence services for business, was first to identify a new variant of the Code Red worm, which has already attacked hundreds of thousands of Windows IIS servers. The new variant is more efficient and relatively undetectable, randomly infecting new hosts across the entire Internet without defacing the sites. With access to the largest amount of global attack data available, SecurityFocus is the first company to notify the administrators of more than 40,000 infected IP addresses-the highest volume of incident notification thus far with the worm.

“The need for early alerts is essential to effectively manage attacks of this magnitude and control your IT infrastructure,” said Elias Levy, CTO of SecurityFocus. “We are the only company with the capability to identify and analyze attacks on an international level, helping companies across the globe prioritize implementation of security patches, thereby saving money and time in ensuring their security posture.”

Through extensive analysis of both the original worm and newly discovered variant strain, SecurityFocus has tracked the progress of the worm and confirms:

It is likely that we will see another new variant of the worm

The top attack source countries seen to date are: US, Italy, Netherlands, UK, Canada, Germany, S. Korea, Colombia, and Australia.

SecurityFocus recommends that the appropriate patches be applied. The worm is memory resident so it can be eradicated through a system shutdown. More information on patching is available at the following addresses:

IIS4: http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/columns/questions/iischeck.asp

IIS5: http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/iis/deploy/depovg/securiis.asp

More information on the attack is available at:aris.securityfocus.com/alerts/codered

To arrange interviews, contact Schwartz Communications: Tara Dugan at 415-412-4177 or Dara Sklar at 415-512-0770.

Don't miss