Technorati
Digg
Delicious
Reddit
StumbleUpon
Facebook
Yahoo
Twitter
Faves
Newsvine
- Discovered:
- August 4, 2001
- Updated:
- February 13, 2007 11:36:41 AM
- Also Known As:
- Codered II, Trojan.Win32.VirtualRoot [KAV], W32/CodeRed.c [McAfee], Troj/Codered-II [Sophos], Win32.CodeRed.C [CA], TROJ_CODERED.C [Trend]
- Type:
- Trojan Horse
- Systems Affected:
- Windows 2000, Windows NT
- CVE References:
- CVE-2000-0663
Trojan.VirtualRoot is a Trojan horse program that is dropped by the CodeRed II and CodeRed.F worms. The Trojan allows a hacker to have full remote access to the Web server that is infected by CodeRed II or CodeRed.F. Norton AntiVirus can detect an infection of CodeRed II or CodeRed.F on a Web server by detecting the payload (Trojan component) of this worm as Trojan.VirtualRoot.
Symantec Security Response has created a tool to perform a vulnerability assessment of your computer and remove the CodeRed Worm, CodeRed II and CodeRed.F. To obtain the CodeRed removal tool, please click here.
The Trojan.VirtualRoot Trojan takes advantage of a vulnerability in Windows NT and Windows 2000. Download and install the following Microsoft security patch to address that problem and to stop the Trojan from reinfecting the computer:
http://www.microsoft.com/technet/security/bulletin/MS00-052.asp
Antivirus Protection Dates
- Initial Rapid Release version August 4, 2001
- Latest Rapid Release version September 28, 2010 revision 054
- Initial Daily Certified version August 4, 2001
- Latest Daily Certified version September 28, 2010 revision 036
- Initial Weekly Certified release date August 4, 2001
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
- Wild Level: Low
- Number of Infections: More than 1000
- Number of Sites: More than 10
- Geographical Distribution: High
- Threat Containment: Moderate
- Removal: Moderate
Damage
- Damage Level: Low
Distribution
- Distribution Level: Medium
Writeup By: Richard Cave
