KUALA LUMPUR -- July 31, 2001 --
CodeRed Information:
CodeRed is a computer worm that exploits a known vulnerability (buffer overflow) in Microsoft's Index Server 2.0. If the system administrator has not deployed the patch, which has been available since June 18, the system will be vulnerable to the CodeRed worm and its attack that includes the following payloads:
* Defaces Web sites if the system's default language is in U.S. English, displaying the following message: "Welcome to http://www.worm.com! Hacked by Chinese!"
* Before the 20th of each month, the worm attempts to infect as many systems as possible by targeting random IP addresses.
* Between the 20th and 28th of each month, the worm attempts a denial-of-service attack on an IP address used by a Government Web site www.whitehouse.gov by sending large amounts of junk data. This Web site has been redirected and therefore is not affected.
* After the 28th of each month, the worm goes into an infinite sleep loop.
* On July 19th, it was estimated that approximately 250,000 machines worldwide had been infected. It has not been confirmed how many machines will wake from hibernation on August 1st.
* Symantec is concerned that small businesses and home users with IIS web servers are at risk as they may not be aware of the exploit and safeguard solutions.
*Symantec has two tools available to help users assess their risk. Both tools are free. The "FixCodeR" Assessment Tool is available from www.symantec.com/avcenter . This tool detects the presence of the worm on an NT system. Users can also visit Symantec Security Check, available at www.symantec.com/securitycheck , to scan their system for vulnerability to this exploit.
*Users can also download the patch from Microsoft at the following:
ABOUT SYMANTEC ANTIVIRUS RESEARCH CENTRE (SARC)
SARC is one of the industry's largest dedicated teams of virus experts. With offices located in the United States, Japan, Australia and the Netherlands, the sun never sets on SARC. The centre's mission is to provide swift, global responses to computer virus threats, proactively research and develop technologies that eliminate such threats and educate the public on safe computing practices. As new computer viruses appear, SARC develops identification and detection for these viruses and provides either a repair or delete operation, thus keeping users protected against the latest virus threats.
ABOUT SYMANTEC
Symantec, a world leader in Internet security technology, provides a broad range of content and network security solutions to individuals and enterprises. The company is a leading provider of virus protection, firewall and virtual private network, vulnerability management, intrusion detection, Internet content and e-mail filtering, remote management technologies and security services to enterprises around the world. Symantec's Norton brand of consumer security products leads the market in worldwide retail sales and industry awards.
Headquartered in Cupertino, Calif., Symantec has worldwide operations in 37 countries. For more information, please visit our Web site at www.symantec.com.
NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please view the Symantec Press Centre at http://www.symantec.com/region/au_nz/PressCenter/ on Symantec's Web site.
